[kwlug-disc] Easy Software based VPN
unsolicited
unsolicited at swiz.ca
Mon May 5 19:33:04 EDT 2014

Less reliable? Either she works and you have connectivity, or you don't.
Whether client interfaces are user friendly, or encryption is
sufficient, is a different story. As is ease of setup, if any. Most of
the time, for most of the people, any encryption is more than
sufficient. (Anyone so interested probably can't break in any time frame
that matters.)

Let's remember that OpenVPN is a different beastie than IPSec, the
international standard. OpenVPN is more than sufficient most of the
time, but I understand there is a point at which it doesn't scale very
well. i.e. There is a tipping point where the simplicity of setup of
OpenVPN doesn't scale as well/simply, while IPSec is apparently
irritatingly complex to set up - but once implemented scales almost
endlessly, easily.

And there's a cost tradeoff in that too. OpenVPN, cheap or free, IPSec
non-trivial cost. In either case, most of the cost is in the admin time
to set up / maintain, not the fees charged. (Per user basis.) And with
developer fees/costs you get a more refined / user friendly client end.
(e.g. As I understand it, the proprietary Cisco VPN solution.)

In the end, likely any encryption, even PPTP, will more than suffice. If
encryption is even needed. (And even that is less often than commonly
thought.)

https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn
"Due to the major security flaws, there is no good reason to choose PPTP
other than device compatibility" - not quite true. PPTP being faster /
having lower overhead. But there's a premise here: Is there any real
value in your data that people will want to expend time and resources on
deciphering? Probably not, particularly when it is only the pipes, not
3rd parties, who even have access to the data stream. Most of the time,
the value of encryption is merely and only that it's not going across
the wire clear text. Beyond that, is there anything in your data people
are willing to spend $ on to discover - well, no encryption will be
sufficient for the truly determined. PPTP is probably more than
sufficient - but if OpenVPN is as easy to set up and with just as little
overhead / CPU requirements, may as well use it. Which to use has less
to do with encryption strength / security flaws than just about every
other aspect beyond that.

http://networkengineering.stackexchange.com/questions/1067/what-are-the-downsides-of-openvpn
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3844861/OpenVPN-Is-Too-Slow-Time-to-Consider-IPSEC.htm

On 14-05-05 02:43 PM, CrankyOldBugger wrote:
> PPTP is an older, less reliable tech. Use L2TP or, even better, OpenVPN.
> If you go with OpenVPN (as many people do), be sure to steer clear of the
> versions affected by Heartbleed!
>
> There's a comparison of some different types at
> http://www.giganews.com/vyprvpn/compare-vpn-protocols.html