On Tue, Aug 01, 2006 at 03:26:46PM +0800, Lars Hansson wrote:
> On Friday 28 July 2006 21:49, Stuart Henderson wrote:
> > simple end-user install on the Windows side
>
> I'd have to disagree with this. OpenVPN on Windows isn't nearly as end-user
> friendly and easy to install as, say, TheGreenbow IPSec client.
>
> > you can bridge an ethernet to a remote Windows box (helps with
> > some MS protocols)
>
> Hmm...is this why I can't get SMB "workgroup browsing" to work using IPSec?
> Even if you have WINS server?
>From my understanding - which is limited by my dislike of anything
Microsoft, and SMB in particular[1] - it should work with a WINS server.
Of course, NETBIOS is out, but SMB over TCP/IP (i.e., a couple of TCP
and UDP ports, to muddle the terms further), should work.
> > per-user authentication (rather than per-host)
>
> If you use certificates isakmpd does per-user authentication. The downside is
> that getting certificates to work isn't exactly a walk in the park.
It shouldn't be *that* difficult, though, and doesn't look like it from
a quick look. I never needed to get this to work, though, and
consequently haven't tried it.
Joachim
[1] Then again, NFS sucks too. I have yet to encounter a network fs that
doesn't suck. And no, AFS isn't a POSIX filesystem, and I'm pretty sure
it sucks in other ways as well.
NFSv4 looks like it might suck quite a bit less than v3, in particular,
the ability to use a firewall is valuable.
