> > i have also setup openvpn, which works great for me from home, and i have > > been > > able to successfully get this working. however, one of the users that > > connects > > to my VPN is having problems making openvpn and his kerio firewall "play > > nice", > > and a working openvpn configuration cannot survive a reboot due to win xp > > being > > such a great OS. > > > > I would definately stick with the openvpn solution. It's simplier to > implement, and i didn't understood the part that the configuration > cannot survive a reboot. Is this a problem on the user side? If it is, > the same potential to damage the openvpn setup, could be used to dmage > the ipsec setup.
The same problem probably won't affect ipsec, since there's no extra network interface involved there. http://openvpn.se/xpsp2_problem.html > Yes, that's another advantage, it use only ONE port, and is NAT > friendly. This is no different to ipsec nat-t. There are both advantages and disadvantages with ipsec, openvpn, and openssh tun-forwarding. Use what fits best for the job...
