OpenVPN [was: IPSec VPN docs]

Brian Chase networkr0 at cfl.rr.com
Fri Mar 26 19:43:35 UTC 2004 

Yeah, you can also open port 22 on the firewall and VPN to the OpenVPN 
server behind your Dlink

Florin Andrei wrote:

> On Fri, 2004-03-26 at 11:24, Mark Haney wrote:
> 
>>Hey thanks for that.  I might try that if the DLINK people can't give me 
>>what I need.  I found a FreeSWAN doc about setting up an IPSec VPN from a 
>>DLINK firewall but it was in Russian, and since my Russian is rusty 
>>(*cough, non existant, cough*), it really hasn't helped much.  If FreeSWAN 
>>doesn't jive, I'll try that with the DLINK.
> 
> 
> Just remember, OpenVPN is not based on IPSec and it cannot interoperate
> with IPSec-based VPN devices.
> I'm not sure what your DLINK thing is, but if it's some kind of VPN
> server appliance, and it's based on IPSec, an OpenVPN client will not be
> able to connect to it; so, you cannot try OpenVPN "with the DLINK".
> 
> What you can do, though, is to install a Linux box and configure it as
> an OpenVPN server. Quite a few people are actually using their Linux
> firewalls as OpenVPN servers - maybe not the absolute best idea from a
> technical p.o.v., but it's cheap and simple (it's the situation
> described in the howto on fedoranews.org).
> 
> Good luck,
> 
> 
>>On 26 Mar 2004 11:06:25 -0800, Florin Andrei <florin at andrei.myip.org> 
>>wrote:
>>
>>
>>>On Sun, 2004-03-21 at 12:07, Mark Haney wrote:
>>>
>>>>I'm trying to get a VPN setup between my FC1 box at home and a DLink
>>>>DFL300 at my office so I can do some things securely without having to
>>>>make the 30 minute drive in to work to fix stuff.  I've googled the
>>>>subject and the amount of documentation is pretty immense.  Can someone
>>>>give me a shortened version what I need to configure or point me to a 
>>>>good
>>>>step by step doc on how to do it?
>>>
>>>Well, if IPSec is not a specific requirement, and if you actually could
>>>use any VPN solution that's simple to install, secure and feature-rich,
>>>have a look at OpenVPN:
>>>
>>>http://openvpn.sourceforge.net/
>>>
>>>A brief "cookbook recipe" HOWTO:
>>>
>>>http://fedoranews.org/contributors/florin_andrei/openvpn/
>>>
>>>IPSec VPN (like FreeS/WAN) is nice because it's compatible with all
>>>kinds of VPN devices and software.
>>>However, it can be a pain to install, even more so if you're using
>>>Windows clients (but Linux is not a lot simpler, especially if you have
>>>non-geek users). Also, it is very, very picky if there are firewalls in
>>>between, especially if you go through NAT.
>>>
>>>OpenVPN is very simple to install, it does not require weird kernel
>>>patches, it is firewall-friendly, works just fine with Windows (and
>>>Solaris, and BSD), can tunnel through proxies, etc.
>>>
>>>It is not a typical "SSL VPN" - i mean, it is not a browser-based VPN,
>>>even though it's using SSL to encrypt the tunnel. Think of it as exactly
>>>the same thing as FreeS/WAN except it's using SSL instead of IPSec;
>>>otherwise, it can route arbitrary IP protocols, it does not require a
>>>browser, etc.
>>>Just like FreeS/WAN, but without the pain.
>>>
>>
>>
>>
>>-- 
>>Estne volumen in toga, an solum tibi libet me videre?
>>
>>Mark Haney
>>Development, Systems and Network Administration
>>DoctorDirectory.com
>>http://www.doctordirectory.com

-- 
Brian Chase			Phone:  386-775-5366
2345 Hillside Ave.		Fax:    309-276-2048
Orange City, FL  32763		Email:  networkr0 at cfl.rr.com

http://openalternatives.net

More information about the fedora-list mailing list