[kwlug-disc] Easy Software based VPN

Jonathan Poole jpoole at digitaljedi.ca
Wed May 7 12:59:34 EDT 2014


If you don’t want user administration, then IPsec tunnels are the way to go.

IPsec devices on the low grade could be pfSense (I think). Possibly D-Link could do it (cannot comment), or pick up a couple of Juniper NetScreen 5GT NS-5GT-001 VPN firewall devices, or low-end Linksys VPN devices.

If the budget supports it, Cisco 5505s would be ideal as there is lots of documentation to support them.

On May 7, 2014, at 12:53 PM, Joe Wennechuk <youcanreachmehere at hotmail.com> wrote:

> I am going to get a hardware device for this purpose. I don't want to end up having to support all of the user administration. 
> 
> What would be the best low cost hardware VPN for connecting Windows clients? I am not sure if I want to use Cisco, and their VPN client. I was hoping I could find one that can use native Windows tools to set up the VPN instead of some proprietary client software.
> 
> My higher-ups don't want DD-WRT or pfSense.
> 
> > Date: Mon, 5 May 2014 19:33:04 -0400
> > From: unsolicited at swiz.ca
> > To: kwlug-disc at kwlug.org
> > Subject: Re: [kwlug-disc] Easy Software based VPN
> > 
> > Less reliable? Either she works and you have connectivity, or you don't. 
> > Whether client interfaces are user friendly, or encryption is 
> > sufficient, is a different story. As is ease of setup, if any. Most of 
> > the time, for most of the people, any encryption is more than 
> > sufficient. (Anyone so interested probably can't break in any time frame 
> > that matters.)
> > 
> > Let's remember that OpenVPN is a different beastie than IPSec, the 
> > international standard. OpenVPN is more than sufficient most of the 
> > time, but I understand there is a point at which it doesn't scale very 
> > well. i.e. There is a tipping point where the simplicity of setup of 
> > OpenVPN doesn't scale as well/simply, while IPSec is apparently 
> > irritatingly complex to set up - but once implemented scales almost 
> > endlessly, easily.
> > 
> > And there's a cost tradeoff in that too. OpenVPN, cheap or free, IPSec 
> > non-trivial cost. In either case, most of the cost is in the admin time 
> > to set up / maintain, not the fees charged. (Per user basis.) And with 
> > developer fees/costs you get a more refined / user friendly client end.
> > (e.g. As I understand it, the proprietary Cisco VPN solution.)
> > 
> > In the end, likely any encryption, even PPTP, will more than suffice. If 
> > encryption is even needed. (And even that is less often than commonly 
> > thought.)
> > 
> > https://www.ivpn.net/pptp-vs-l2tp-vs-openvpn
> > 
> > "Due to the major security flaws, there is no good reason to choose PPTP 
> > other than device compatibility" - not quite true. PPTP being faster / 
> > having lower overhead. But there's a premise here: Is there any real 
> > value in your data that people will want to expend time and resources on 
> > deciphering? Probably not, particularly when it is only the pipes, not
> > 3rd parties, who even have access to the data stream. Most of the time, 
> > the value of encryption is merely and only that it's not going across 
> > the wire clear text. Beyond that, is there anything in your data people 
> > are willing to spend $ on to discover - well, no encryption will be 
> > sufficient for the truly determined. PPTP is probably more than 
> > sufficient - but if OpenVPN is as easy to set up and with just as little 
> > overhead / CPU requirements, may as well use it. Which to use has less 
> > to do with encryption strength / security flaws than just about every 
> > other aspect beyond that.
> > 
> > http://networkengineering.stackexchange.com/questions/1067/what-are-the-downsides-of-openvpn
> > 
> > http://www.enterprisenetworkingplanet.com/netsecur/article.php/3844861/OpenVPN-Is-Too-Slow-Time-to-Consider-IPSEC.htm
> > 
> > 
> > On 14-05-05 02:43 PM, CrankyOldBugger wrote:
> > > PPTP is an older, less reliable tech. Use L2TP or, even better, OpenVPN.
> > > If you go with OpenVPN (as many people do), be sure to steer clear of the
> > > versions affected by Heartbleed!
> > >
> > > There's a comparison of some different types at
> > > http://www.giganews.com/vyprvpn/compare-vpn-protocols.html
> > 
> > 
> > _______________________________________________
> > kwlug-disc mailing list
> > kwlug-disc at kwlug.org
> > http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
