[Openswan Users] VPN-1 Edge X to Openswan success (AES)

Jacco de Leeuw jacco2 at dds.nl
Wed Dec 14 18:04:19 CET 2005


Jerry Kaidor wrote:

> thought I would use the built-in IPSEC/L2TP support in Win2K/XP.   But I
> am reluctantly coming to the conclusion that it is just too fragile for a
> production environment.   It's more in the category of "amazed that it
> works at all" rather than "set it up and forget it".
> 
> Meanwhile, an openswan-openswan connection just hums along for weeks'n
> weeks without crashing.

You are comparing apples with oranges. It is no wonder that LAN-to-LAN
connections between peers running the same implementation are more stable.
Especially if they are supported by good Linux sysadmins.

In the L2TP/IPsec scenario you have less knowledgeable users (I am being
polite now) running a closed source implementation by a convicted monopolist.

Can you post more details about those L2TP/IPsec crashes that you experienced?

> So I would really like to use some sort of VPN endpoint hardware. 
> Unfortunately, I cannot afford the VPN-1 edge boxes.  I am thinking
> about getting a couple of Linksys WRT54G routers, which are dirt cheap
> and run Linux - the older versions, anyway.

They run old Linux kernels and an old version of FreeS/WAN. For security
reasons you would probably want to install one of the other distributions
such as OpenWRT. And if you want to support dynamic IP addresses you will
have to use RSA keys or X.509 certificates.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
                     Mosquitos suck

