[kwlug-disc] Easy Software based VPN

Joe Wennechuk youcanreachmehere at hotmail.com
Wed May 7 12:53:30 EDT 2014


I am going to get a hardware device for this purpose. I don't want to end up having to support all of the user administration. 

What would be the best low cost hardware VPN for connecting windows clients? I am not sure If I want to use Cisco, and their VPN client. I was hoping I could find one that can use native windows tools to set up the VPN instead of some proprietary client software.

My higher-ups don't want DDWRT, or PF sense.

> Date: Mon, 5 May 2014 19:33:04 -0400
> From: unsolicited at swiz.ca
> To: kwlug-disc at kwlug.org
> Subject: Re: [kwlug-disc] Easy Software based VPN
> 
> Less reliable? Either she works and you have connectivity, or you don't. 
> Whether client interfaces are user friendly, or encryption is 
> sufficient, is a different story. As is easy of setup, if any. Most of 
> the time, for most of the people, any encryption is more than 
> sufficient. (Anyone so interested probably can't break in any time frame 
> that matters.)
> 
> Let's remember that OpenVPN is a different beastie than IPSec, the 
> international standard. OpenVPN is more than sufficient most of the 
> time, but I understand there is a point at which it doesn't scale very 
> well. i.e. There is a tipping point where the simplicity of setup of 
> OpenVPN doesn't scale as well/simply, while IPSec is apparently 
> irritatingly complex to set up - but once implemented scales almost 
> endlessly, easily.
> 
> And there's a cost tradeoff in that too. OpenVPN, cheap or free, IPSec 
> non-trivial cost. In either case, most of the cost is in the admin time 
> to set up / maintain, not the fees charged. (Per user basis.) And with 
> developer fees/costs you get a more refined / user friendly client end. 
> (e.g. As I understand it, the proprietary Cisco VPN solution.)
> 
> In the end, likely any encryption, even PPTP, will more than suffice. If 
> encryption is even needed. (And even that is less often than commonly 
> thought.)
> 
> https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn
> 
> "Due to the major security flaws, there is no good reason to choose PPTP 
> other than device compatibility" - not quite true. PPTP being faster / 
> having lower overhead. But there's a premise here: Is there any real 
> value in your data that people will want to expend time and resources on 
> deciphering? Probably not, particularly when it is only the pipes, not 
> 3rd parties, whom even have access to the data stream. Most of the time, 
> the value of encryption is merely and only that it's not going across 
> the wire clear text. Beyond that, is there anything in your data people 
> are willing to spend $ on to discover - well, no encryption will be 
> sufficient for the truly determined. PPTP is probably more than 
> sufficient - but if OpenVPN is as easy to set up and with just as little 
> overhead / CPU requirements, may as well use it. Which to use has less 
> to do with encryption strength / security flaws than just about every 
> other aspect beyond that.
> 
> http://networkengineering.stackexchange.com/questions/1067/what-are-the-downsides-of-openvpn
> 
> http://www.enterprisenetworkingplanet.com/netsecur/article.php/3844861/OpenVPN-Is-Too-Slow-Time-to-Consider-IPSEC.htm
> 
> 
> On 14-05-05 02:43 PM, CrankyOldBugger wrote:
> > PPTP is an older, less reliable tech.  Use L2TP or, even better, openVPN.
> >   If you go with openVPN (as many people do), be sure to steer clear of the
> > versions affected by Heartbleed!
> >
> > There's a comparison of some different types at
> > http://www.giganews.com/vyprvpn/compare-vpn-protocols.html
> 
> 
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140507/9e0633a2/attachment.html>


More information about the kwlug-disc mailing list