[Openswan Users] VPN-1 Edge X to Openswan success (AES)
Jerome Kaidor
jerry at tr4.tr2.com
Fri Dec 16 14:33:08 CET 2005
Jacco de Leeuw wrote:
>
> Jerry Kaidor wrote:
>
> > Meanwhile, an openswan-openswan connection just hums along for weeks'n
> > weeks without crashing.
>
> You are comparing apples with oranges.
*** No matter. The object here is not to be "fair", but to get my customer
the most solid and secure VPN support - and not coincidentally, to minimize my
own evenings/weekends/whatever marathon debugging/devirusing/donkey-work
sessions.
>
> Can you post more details about those L2TP/IPsec crashes that you
> experienced?
*** Right now, I have it mostly working. I just don't have much faith
in it. Connections will sometimes be partially set up, and the server
then locks my IP out so I can't even SSH in to fix it. I think others
have mentioned this. And more than once, it has disabled the Internet
connection entirely, and I had to drive 20 miles to fix it. For the
moment, while I play with it, I have a cron job that stops and starts
the ipsec subsystem in the server once an hour. Not acceptable
for production.
>
> They run old Linux kernels and an old version of FreeS/WAN. For security
> reasons you would probably want to install one of the other distributions
> such as OpenWRT. And if you want to support dynamic IP addresses you will
> have to use RSA keys or X.509 certificates.
>
*** The local computer surplus store had "reconditioned" WRT54G's for USD 40.
I bought three of them to play with. Will be installing OpenWRT and Openswan.
- Jerry Kaidor ( jerry at tr2.com )