[kwlug-disc] Easy Software based VPN
youcanreachmehere at hotmail.com
Wed May 7 12:53:30 EDT 2014
I am going to get a hardware device for this purpose. I don't want to end up having to support all of the user administration.
What would be the best low cost hardware VPN for connecting windows clients? I am not sure If I want to use Cisco, and their VPN client. I was hoping I could find one that can use native windows tools to set up the VPN instead of some proprietary client software.
My higher-ups don't want DDWRT, or PF sense.
> Date: Mon, 5 May 2014 19:33:04 -0400
> From: unsolicited at swiz.ca
> To: kwlug-disc at kwlug.org
> Subject: Re: [kwlug-disc] Easy Software based VPN
> Less reliable? Either she works and you have connectivity, or you don't.
> Whether client interfaces are user friendly, or encryption is
> sufficient, is a different story. As is easy of setup, if any. Most of
> the time, for most of the people, any encryption is more than
> sufficient. (Anyone so interested probably can't break in any time frame
> that matters.)
> Let's remember that OpenVPN is a different beastie than IPSec, the
> international standard. OpenVPN is more than sufficient most of the
> time, but I understand there is a point at which it doesn't scale very
> well. i.e. There is a tipping point where the simplicity of setup of
> OpenVPN doesn't scale as well/simply, while IPSec is apparently
> irritatingly complex to set up - but once implemented scales almost
> endlessly, easily.
> And there's a cost tradeoff in that too. OpenVPN, cheap or free, IPSec
> non-trivial cost. In either case, most of the cost is in the admin time
> to set up / maintain, not the fees charged. (Per user basis.) And with
> developer fees/costs you get a more refined / user friendly client end.
> (e.g. As I understand it, the proprietary Cisco VPN solution.)
> In the end, likely any encryption, even PPTP, will more than suffice. If
> encryption is even needed. (And even that is less often than commonly
> "Due to the major security flaws, there is no good reason to choose PPTP
> other than device compatibility" - not quite true. PPTP being faster /
> having lower overhead. But there's a premise here: Is there any real
> value in your data that people will want to expend time and resources on
> deciphering? Probably not, particularly when it is only the pipes, not
> 3rd parties, whom even have access to the data stream. Most of the time,
> the value of encryption is merely and only that it's not going across
> the wire clear text. Beyond that, is there anything in your data people
> are willing to spend $ on to discover - well, no encryption will be
> sufficient for the truly determined. PPTP is probably more than
> sufficient - but if OpenVPN is as easy to set up and with just as little
> overhead / CPU requirements, may as well use it. Which to use has less
> to do with encryption strength / security flaws than just about every
> other aspect beyond that.
> On 14-05-05 02:43 PM, CrankyOldBugger wrote:
> > PPTP is an older, less reliable tech. Use L2TP or, even better, openVPN.
> > If you go with openVPN (as many people do), be sure to steer clear of the
> > versions affected by Heartbleed!
> > There's a comparison of some different types at
> > http://www.giganews.com/vyprvpn/compare-vpn-protocols.html
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the kwlug-disc