[lug] General VPN comparison
Nate Duehr
nate at natetech.com
Wed Feb 16 17:34:56 MST 2005
Daniel Webb wrote:
>What is the best VPN for general use?
>
The one you understand how to set up and secure properly or are going to
take the time to learn and test with. (This is the proper answer for
ALL security-related questions anywhere, on any system, anytime. ;-) )
> OpenVPN was mentioned in the
>reverse tunnel thread, is it the best (free/open source) thing out there
>for Linux?
>
Depends on what you're trying to do, but OpenVPN is very flexible and
popular.
> Is it stable?
>
Like all Free software, that's up to you to decide, as there's no
warranty usually, but everyone I've talked to seems to like it.
> Are businesses using it for mission-critical
>networks?
>
>
Probably. Google for stories.
So far, all the companies I've worked for have wanted a "brand name" on
their VPN. Cisco, Nortel, whatever... they apparently want someone they
can sue if it doesn't work, and they feel more comfortable purchasing
something they have heard other people use.
"Is there something I can use for free out there?" It's just not even
thought of -- they figure they sell things to stay in business, they
must have to buy something to get a VPN.
I've seen small implementations of OpenVPN for small businesses who are
actively searching to keep costs low and inside corporate projects that
need a tunnel from one place to another for some internal function, so
the sysadmins use it as a tool for that... but haven't seen anyplace
using it for generic end-user VPN access for Windows or other client
machines.
There are probably other reasons too, like having to deal with coming up
with ways to help end-users install it, etc.
So in my opinion only, I think you'll see most large companies stay with
other large companies' VPN products for a long time.
Many VPN gateway routers and software solutions do support some subset
of IPSec and depending on the level of cluefulness of the administrators
and policies of the companies, generic IPSec connections can usually be
made if special authentication like key fobs and/or biometrics aren't in
use.
There are also always folks out there who do neat things like write
open-source clients for proprietary VPNs, like "vpnc" for some of the
Cisco VPN devices. That one is an example of easier/better software (in
my opinion) than Cisco's own Linux client.
Nate