Stuart Henderson wrote:
> The same problem probably won't affect ipsec, since there's no extra
> network interface involved there. http://openvpn.se/xpsp2_problem.html

I meant that if one user can misconfigure the openvpn setup, he or she has the same potential to misconfigure the ipsec setup.

> This is no different to ipsec nat-t. There are both advantages
> and disadvantages with ipsec, openvpn, and openssh tun-forwarding.
> Use what fits best for the job...
>

I see one difference: AFAIK when you are using ipsec with nat-t, you have to give up some of the protection that the AH gives to you, and you stay only with the full ESP protection. With openvpn, you use the tls-auth directive and have the same level of protection that AH provides you. Implementing and keeping an IPSEC solution is far more complex than an openvpn solution, so I would definitely try the openvpn solution.

My regards,

--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85