[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-devel-list
Subject: Re: VPN solution(s) for Fedora Core
From: "H. Peter Anvin" <hpa () zytor ! com>
Date: 2004-05-31 7:32:12
Message-ID: 40BADF7C.6040305 () zytor ! com
[Download RAW message or body]
Florin Andrei wrote:
> On Fri, 2004-05-21 at 08:52, Jason Tackaberry wrote:
>
>>I think the other main contender for VPN software in Fedora Core would
>>be Openswan. OpenVPN is portable, comfortable (being in userspace),
>>flexible, and easy, but Openswan implements IPsec which is (mostly)
>>standardized across vendors, and that's certainly a strong selling
>>point, in spite of its complexity.
>
> Openswan is good to keep around, just in case you need to talk to IPSec
> devices. But it's a pain in the butt; it's NAT-unfriendly, free and good
> Windows clients are lacking, interoperability is problematic, etc.
>
Eh?
OpenSWAN 2.1.2 works fine, interoperates fine with *most* IPSec clients,
including WinXP, and supports NAT-T (a.k.a. IPSec over UDP), so there
shouldn't be any problems.
I have been running OpenSWAN for a while now and the only problem I've
had with it is its somewhat limited handling of aggressive mode (which
FreeSWAN didn't implement due to its known security holes.)
-hpa
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-devel-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic