OpenVPN :: The ONLY VPN

September 1st, 2009 Zordrak

There is a huge amount I would like to say about OpenVPN and the idea of true SSL VPNs as a replacement for the insanity of IPSec VPNs, but it would only be garbled and incomplete. That being the case, no-one may discuss VPN until they have at least skimmed through this whitepaper:

http://www.sans.org/rr/whitepapers/vpns/1459.php

At work, I have replaced the VPN solution that used to be provided by a SonicWALL hardware firewall with OpenVPN running on a Slackware64 server.

  • The performance is so many orders of magnitude higher it’s not worth calculating.
  • No-one’s ISP ever gets in the way any more with undiagnosable failure, because communication now depends solely on UDP/1194.
  • The simplicity and interoperability have allowed us to do things we never could have done before.
  • We no longer depend on proprietary software from SonicWALL which, to be honest, I wouldn’t use to wipe my own arse with.
  • OpenVPN is happily chugging away tunnelling Layer 2 so I don’t have to worry about protocols.
  • I can now tunnel from pretty much any operating system instead of only the Windows boxes that fall over and die at the thought of the proprietary IPSec driver.

It’s beautiful, it has reduced my workload and I love it. You will too.