On 04/05/2016 12:30 PM, Gordon Messmer wrote:
> IPSec is typically encapsulated on UDP port 4500, due to the ubiquity
> of NAT. OpenVPN doesn't really have an advantage, there.

IPSec and OpenVPN (and the others) each have their use cases. I have
had experience with IPSec (via SmoothWall's SmoothTunnel
implementation), Cisco's VPN implementation, and the commercial OpenVPN
Access Server, and I have found OpenVPN AS the easiest to support for
the road warrior use case, including and especially Wi-Fi and 3G/4G
connected iOS and Android devices. OpenVPN AS will listen on TCP port
443, and virtually no one blocks TCP/443 (although you do lose some
tunnel functionality with TCP encapsulation).

I did have numerous issues with the road warrior cases with the IPSec
solution, many of which were firewall/captive portal issues and not
issues with the otherwise excellent SmoothTunnel. I will admit that I
have not tried an IPsec solution in a while, but I haven't had the need
to do so, either.

OpenVPN AS takes all the hard parts out of the server-side config, and
it works well on CentOS 7 (which is the platform on which I am running
the server). For point-to-point remote offices, I deploy small routers
running DD-WRT, which has a reasonable OpenVPN client that works well
once you get it working initially. It isn't necessarily the easiest to
get working, though.