# looking for VPN-solution

## Speen

Hi everybody,

I'm looking for an easy-to-use VPN solution. Easy-to-use means that there is no need to install software on the client. The clients are all Windows boxes. The built-in VPN client allows PPTP and L2TP/IPsec (I guess).

I'd prefer the L2TP/IPsec solution. I've tried OpenSwan, which fails when it comes to 'easy-to-use'. ;)

I'm not very familiar with VPN-solutions in the OpenSource market. Do you know other solutions?

Kind regards

Alex

----------

## Anarcho

As I installed a PPTP Server myself just 2 days ago I can say that it is pretty easy (look at the gentoo-wiki). But encryption is not very strong and it is not possible to use certificates. If this is not a problem, I guess that it will be the easiest way without client software installation.

----------

## Speen

 *Anarcho wrote:*   

> As I installed a PPTP Server myself just 2 days ago I can say that it is pretty easy (look at the gentoo-wiki). But encryption is not very strong and it is not possible to use certificates. If this is not a problem, I guess that it will be the easiest way without client software installation.

 

Thank you very much, I'll have a look.

----------

## depontius

I would very much suggest OpenVPN.  I've heard some bad things about PPTP security.  One of the OpenVPN developers was also on the IPSEC team, felt the result was overly complex, and OpenVPN is at least partly a reaction.  Here's the Secunia vulnerability page: http://secunia.com/product/5568/?task=statistics

OpenVPN shared in the recent Debian SSL random number generator problem, but other than that the last problems were in 2006, and all problems have been fixed. Notably, of the 4 2006 errors, 2 were really OpenSSL problems, 1 was an exposure to a malicious DHCP server on the endpoint (which I owned, so wasn't an exposure to me) and 1 was an exposure to a malicious client.

OpenVPN has good documentation, and it's worth reading their key generation HowTo so you can do the job well.  In addition there's a Windows client available, and I've used it too.

----------

## UberLord

Of late I've found OpenVPN a touch unreliable and slow. I'm now investigating an IPsec solution, and the configuration doesn't look that hard.

http://gentoo-wiki.com/HOWTO_IPSEC

----------

## Speen

 *UberLord wrote:*   

> Of late I've found OpenVPN a touch unreliable and slow. I'm now investigating an IPsec solution, and the configuration doesn't look that hard.
> 
> http://gentoo-wiki.com/HOWTO_IPSEC

 

Thanks for that, I'll have a look

----------

## UberLord

However, I cannot get my Linux server to act as an IPsec tunnel endpoint :/

The server sees the packets fine, it just chooses not to decrypt them before forwarding.

I think this is a kernel bug that's been around for some time so I'm now investigating using a small NetBSD box to be the tunnel endpoint.

----------

## richard.scott

 *UberLord wrote:*   

> Of late I've found OpenVPN a touch unreliable and slow. I'm now investigating an IPsec solution, and the configuration doesn't look that hard.
> 
> http://gentoo-wiki.com/HOWTO_IPSEC

 

I've been using OpenVPN for years and it's always been quick and stable.

You can even build your own client installer package with your own customised configuration settings. This makes deployment a doddle as it's a quick .exe installation.

----------

## depontius

I don't know about slow, but I do know that OpenVPN connects much more reliably to my home endpoint than my employer's VPN connects to their endpoints.

----------

## UberLord

I'm using OpenVPN to secure my wireless link.

However, due to rt2500 now using the new driver with newer kernels, and the newer driver still being a little flaky, my wireless link sometimes drops for a few seconds.

OpenVPN then stalls and eventually sorts itself out with a restart which in turn messes up my connection.

Yes, I'm sure that there are workarounds to this in OpenVPN but damned if I can find something that doesn't suck as much as mine currently does.

As IPsec works on the link directly my issue should be cured :)

----------

