Re: Optimal VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 12/09/2010 10:30 AM, David Sommerseth wrote:
On 25/11/10 14:12, J.Witvliet@xxxxxxxxx wrote:
[...snip...]
  
Will you be confronted with IPv6 in the (not so) near future? Forget
OpenVPN, it is still beta there, while it has been implemented in
strongswan for ages, and part of there standard test plan.
    
Okay, I'll admit up-front I'm biased, as I am involved in the OpenVPN
project.  But I can provide some info here.

IPv6 is currently in the development tree.  I'm using it on my personal
equipment now, using IPv6 over TUN interface between a OpenWRT router
and a Linux "road warrior" client.  I'm also looking for how to get this
code base compiled for maemo5 as well.  Early next year, I'm going to
run this development code on a couple of production boxes as well.

Another developer (the guy who implemented the IPv6 support) is also
using this IPv6 implementation in a bigger environment too.

We're currently in the end of the beta round for OpenVPN-2.2 and will
release a RC version around Christmas.  The full release will come
sometime around January.  That code base is without IPv6.  (2.2 is
basically a bigger bugfix release with a couple of new features)

The 2.3-beta round is scheduled sometime around February/March, with a
release slated for late summer 2011.  This release will include IPv6
support, both for transport (connect/listen/bind to IPv6 addresses) and
payload (IPv6 over tun and tap via tunnel with IPv6 client configuration
support).

<http://thread.gmane.org/gmane.network.openvpn.devel/4221>

But for early adopters ... the current development code is stable enough
for daily usage without too much troubles.  And we would like to see
more people testing out this code.

<https://community.openvpn.net/openvpn/wiki/TesterDocumentation>

  
Furthermore, openvpn is only compatible with openvpn, while using ipsec you might be able to connect to other boxes.
    
That is mostly true, except for those vendors adding their own
proprietary extensions to their ipsec implementations ... thus making it
a vendor lock-in again.

  
Hmm... We run ipsec, (using ipsec-tools on both Linux and FreeBSD),
 to Cisco, Juniper, NetScreen and many others without problem.
What vendors are you talking about?

    "That's the wonderful thing about standards,
     everyone can have their own"
                                      - unknown


kind regards,

David Sommerseth

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

  


--
Stephen Clark
NetWolves
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@xxxxxxxxxxxxx
http://www.netwolves.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux