OpenVPN :: The ONLY VPN
There is a huge amount I would like to say about OpenVPN and the idea of true SSL VPNs as a replacement for the insanity of IPSec VPNs, but it would only be garbled and incomplete. That being the case, no-one may discuss VPN until they have at least skimmed through this whitepaper:
http://www.sans.org/rr/whitepapers/vpns/1459.php
At work, I have replaced the VPN solution that used to be provided by a SonicWALL hardware firewall with OpenVPN running on a Slackware64 server.
- The performance is so many orders of magnitude higher it’s not worth calculating.
- No-one’s ISP ever gets in the way any more with undiagnosable failure, because communication now depends solely on UDP/1194.
- The simplicity and interoperability has allowed us to do things we never could have done before.
- We no longer depend on proprietary software from SonicWALL which, to be honest, I wouldn’t use to wipe my own arse with.
- OpenVPN is happily chugging away tunnelling Layer 2 so I don’t have to worry about protocols.
- I can now tunnel from pretty much any operating system instead of only the Windows boxes that fall over and die at the thought of the proprietary IPSec driver.
It’s beautiful, it has reduced my workload and I love it. You will too.
I also love OpenVPN, though have only one ‘line’ – a point-to-point connection of one gate with my other PC.
I also translate the OpenVPN HOWTO into Russian, because I want to help the project, I’m from Russia and I didn’t find the official HOWTO translated into Russian on the Net.
I’m not a programmer, I’m a sysadmin, so I don’t create programs and I can’t help OpenVPN project with code. But I’m a student of philologycal faculty, I study English, that’s why hope that my translation will be not bad & it’ll help somebody.