On 16 Apr 2003 at 17:05, Jeff wrote: > Felipe Martínez Hermo, 2003-Apr-16 18:23 +0100: > > > > So far, I also prefer IPSec because it seems to be the most > > standard-compliant implementation, but I want to know my options. I > > have just bought Kolesnikov's book, but I have not started with it > > yet. One last thing: shold I set up a router (and so start with > > Adv-router-HOWTO) or should I go directly to FreeSwan Documentation? > > > > I am a little puzzled and I don't know what to start with. > > > > Thanks for your help > > Be careful in assuming that IPSec is "standard-compliant". It's more > of a reference model for implimentors to use. Interoperability > between different implimenations is sketchy and usaully only works in > a very basic configuration, such as Main Mode (as opposed to Agressive > Mode) and with Pre-shared keys (as opposed to certificates). > > Since you have Windows PC's on the road, be sure that there are > available clients that interoperate with FreeSwan.
You can even have it interop with the nativ Win2k/XP-implementations. I've set up an ipsec-vpn with an l2tp-tunnel, which is (besides the worse pptp-thing) the default for Win2k/XP. And you can even freely download tools for free from Microsoft to get it working from Win95 onward. Okay, don't know why the Microsoft-people added the l2tp- thing (FreeS/Wan can do complex tunnels even without this "workaround") but it works perfect.
