[nSLUG] network over WAN

Ian Campbell ian at slu.ms
Mon Jan 14 13:09:37 AST 2008


On Mon, Jan 14, 2008 at 01:17:00PM -0400, Jeff Warnica wrote:
> 
> Googling around I think that the current "best of breed" is Openswan  
> (http://openswan.org/) .. Its IPSec, so integrates with lots of other  
> products, from hardware to other OSs built in capabilities. There is a  
> book, too: http://safari.oreilly.com/1904811256

I was looking at that a while ago. It doesn't work very well with OSX,
if that's a concern (you *can* do it with the builtin OSX client, but
you need to jump through some hoops, and there are restrictions on how
you can set it up, and...)

There are also potential issues if you're stuck behind a dumber
firewall which doesn't pass GRE, which probably isn't a concern if
you're just linking two networks, but if you ever want to allow users
to connect in from the road... OpenVPN is udp by default, but if you
have users behind firewalls that don't understand udp 'state', you can
configure a tcp connection instead.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20080114/f22a5250/attachment-0002.pgp>


More information about the nSLUG mailing list