Re: [Openvpn-users] OpenVPN versus IPSec

Wed, 07 Oct 2020 19:01:16 -0700 

Em 07/10/2020 19:58, Leroy Tennison via Openvpn-users escreveu:
We use OpenVPN but are getting requests from customers for IPSec.  In doing research I came across a reference stating the OpenVPN development team has "subscribed to" some standard for secure development but, of course, now I can't find it.  Does anyone have a reference to what I'm talking about? I'm painfully aware that IPSec is more complex, difficult to set up and less robust in recovering from failed connections than OpenVPN but am looking for additional justification.  Anything that anyone has to offer (third-party commercial products such as firewall vendors using OpenVPN, reviews/analysis of OpenVPN, "security expert" recommendations, etc) would be appreciated.  Thanks for your help. 


    While not exactly using OpenVPN (which implements a SSL VPN 
protocol using the industry standards SSL/TLS protocols), even the big 
ones (Fortinet, Cisco, etc) are giving up IPSec instead of their own 
implementation of SSL-VPNs, given the ease of dealing with NAT and 
firewalls.



    It seems to me that going for IPSec, at this point in time, would 
actually be going back.



    While defined as a standard, all vendors implements IPSec with its 
own extensions and specially for client-to-site connections (called 
roadwarrions in IPSec terms), you'll need to install that firewall 
vendor IPSec client anyway, forget about the "standard protocol which 
can be configured anywhere", that never existed. You'll depend on the 
VPN client from that vendor, despite using a so-called "standard" VPN 
protocol. In reality, that almost never happened.



    For site-to-site VPNS, there I have to agree, you can basically 
stablish IPSec VPNs from anything to anything who supports IPSec. But 
for the client-to-site, it never existed such a thing as "standard IPSec 
implementation".




--


        Atenciosamente / Sincerily,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        Minha armadilha de SPAM, NÃO mandem email
        gertru...@solutti.com.br
        My SPAMTRAP, do not email it



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to