[kwlug-disc] Easy Software based VPN

unsolicited unsolicited at swiz.ca
Mon May 5 19:33:04 EDT 2014


Less reliable? Either she works and you have connectivity, or you don't. 
Whether client interfaces are user friendly, or encryption is 
sufficient, is a different story. As is ease of setup, if any. Most of 
the time, for most of the people, any encryption is more than 
sufficient. (Anyone so interested probably can't break in any time frame 
that matters.)

Let's remember that OpenVPN is a different beastie than IPSec, the 
international standard. OpenVPN is more than sufficient most of the 
time, but I understand there is a point at which it doesn't scale very 
well. i.e. There is a tipping point where the simplicity of setup of 
OpenVPN doesn't scale as well/simply, while IPSec is apparently 
irritatingly complex to set up - but once implemented scales almost 
endlessly, easily.

And there's a cost tradeoff in that too. OpenVPN, cheap or free, IPSec 
non-trivial cost. In either case, most of the cost is in the admin time 
to set up / maintain, not the fees charged. (Per user basis.) And with 
developer fees/costs you get a more refined / user friendly client end. 
(e.g. As I understand it, the proprietary Cisco VPN solution.)

In the end, likely any encryption, even PPTP, will more than suffice. If 
encryption is even needed. (And even that is less often than commonly 
thought.)

https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn

"Due to the major security flaws, there is no good reason to choose PPTP 
other than device compatibility" - not quite true. PPTP being faster / 
having lower overhead. But there's a premise here: Is there any real 
value in your data that people will want to expend time and resources on 
deciphering? Probably not, particularly when it is only the pipes, not 
3rd parties, who even have access to the data stream. Most of the time, 
the value of encryption is merely and only that it's not going across 
the wire clear text. Beyond that, is there anything in your data people 
are willing to spend $ on to discover - well, no encryption will be 
sufficient for the truly determined. PPTP is probably more than 
sufficient - but if OpenVPN is as easy to set up and with just as little 
overhead / CPU requirements, may as well use it. Which to use has less 
to do with encryption strength / security flaws than just about every 
other aspect beyond that.

http://networkengineering.stackexchange.com/questions/1067/what-are-the-downsides-of-openvpn

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3844861/OpenVPN-Is-Too-Slow-Time-to-Consider-IPSEC.htm


On 14-05-05 02:43 PM, CrankyOldBugger wrote:
> PPTP is an older, less reliable tech.  Use L2TP or, even better, OpenVPN.
> If you go with OpenVPN (as many people do), be sure to steer clear of the
> versions affected by Heartbleed!
>
> There's a comparison of some different types at
> http://www.giganews.com/vyprvpn/compare-vpn-protocols.html




