[Openswan Users] Openswan vs Windows IPsec

Paul Wouters paul at xelerance.com
Thu Oct 19 23:09:37 EDT 2006


On Thu, 19 Oct 2006, Hoffman, Jon wrote:

> The company I work for is looking at implementing an IPsec solution that
> will create an encrypted tunnel between us and one of our business partners.
> Our business partner uses Cisco for their end of the tunnel.
> We are looking at two possible solutions right now, an Openswan running on
> Linux or using the IPsec that comes with Windows 2003.  I am personally
> pushing the Openswan solution because I am more familiar with Linux than I
> am with Windows. Can anyone help me with advantages of Openswan over Windows
> IPsec?
> I am not looking for "Windows is bad" answers, I need something to bring to my
> supervisors in a meeting tomorrow.

Obviously your answer is "I am far more competent and secure about configuring
and maintaining an Openswan/Linux server than a Windows server". If the Windows
software would be superior, but you wouldn't know how to configure or maintain
it, it is obviously not the solution for you. (Same applies to MCSE people using
Linux/Openswan)

You can talk about the stability of (commercial) Linux distributions, about the
transparent nature of open source. These are somewhat political and subjective,
but important issues. You might have enough C and scripting skills to implement
workarounds for problems encountered.

On a purely technical level, you can say:

- Vendors use Openswan (and formerly FreeS/WAN) as their number #1 interop test.
- Openswan has a huge install base (arguably is the most used IPsec solution in
  existence today), mostly focussed on interconnecting servers,
  LANs and acting as VPN concentrators. Windows IPsec is not as common for
  these deployments, they focus more on being an IPsec client, not a server.
- Linux distributions can be easily stripped down to ONLY do VPN. With Windows
  there are always "things" running which you don't know about which need to
  be firewalled or they might get exploited.
- No expiry of license.
- Free software updates.
- Strong community support backed with professional commercial support available
  at reasonable prices.
- Openswan is known to interop with all Cisco models, and has various workarounds
  clearly marked for (older) Cisco hardware and firmware.

Openswan (and formerly FreeS/WAN) is used by many large (Fortune 500 and military)
organisations, and powers many embedded devices. You can dig through the archives
for some of them.

Good luck :)

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

