Re: Optimal VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 12/10/10 2:42 AM, David Sommerseth wrote:
> On 09/12/10 17:29, Steve Clark wrote:
>> On 12/09/2010 10:30 AM, David Sommerseth wrote:
>>> On 25/11/10 14:12, J.Witvliet@xxxxxxxxx wrote:
> [...snip...]
>>>
>>>> Furthermore, openvpn is only compatible with openvpn, while using ipsec you might be able to connect to other boxes.
>>>>
>>> That is mostly true, except for those vendors adding their own
>>> proprietary extensions to their ipsec implementations ... thus making it
>>> a vendor lock-in again.
>>>
>>>
>> Hmm... We run ipsec, (using ipsec-tools on both Linux and FreeBSD),
>>   to Cisco, Juniper, NetScreen and many others without problem.
>> What vendors are you talking about?
>
> I don't have personal hand-on experiences with ipsec issues.  However, I
> would expect things to work flawlessly as long as you don't enable
> vendor specific features, or if you enable compatible features.
>
> <http://www.veiligmobiel.com/IPsecCompatibility.htm>
>
> And I believe it will be even more differences if you try to use a
> "tunnelled" setup versus a "transport" setup, where the tunnelled mode
> will act more a like a SSL based VPN.  If I have understood it correctly.

On Ciscos I've always run GRE tunnels with only the GRE packets going through 
ipsec to get interfaces that can handle dynamic routing protocols, multicast, 
etc.  Is there a way to get that kind of tunnel interface with ipsec alone?

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux