Thomas Cameron wrote:
> I have a client who has three offices. The main one has static IP
> addresses. The two others have dynamic IP addresses (RoadRunner). I
> need all three to be able to access resources on each of the other
> networks. We are currently using Windows 2000 PPTP tunnels and not
> liking it at all.
>
> ..
>
> Any VPN gurus out there who have done anything like this before and
> can make recommendations? I need something which will be easy to set
> up and maintain, which is why the NetGear solution looks pretty good.
I have just finished setting up two VPNs with OpenVPN in the past month.
One was all Linux and the other a mix of Linux firewall/routers and
Win2000 Laptops. The latest version 1.5beta6 fully supports Win2000 and
WinXP as both clients and servers. (Don't let the beta status scare you
off, it's rock solid and based off of the CIPE-Win32 code base.)
Some of the features that really sold me:
* VPN Daemon runs entirely in user space using the kernel TUN/TAP
devices. If the VPN daemon crashes, it probably won't take the machine
with it. Very important on a relativly unstable Win32 machine.
* Works with NAT/DHCP without any special configuration as long as one
end of the tunnel has a static IP Address.
* Easy to configure. Configuration consists of generating keys and
editing a single config file.
* Uses either Shared Key or SSL encryption schemes. The SSL is based
on OpenSSL and is fairly easy to set up with the included keygen scripts.
* Multi-platform, runs on Linux 2.2+, Solaris, OpenBSD 3.0, FreeBSD,
NetBSD, Windows2000, WindowsXP. Work is being done to port this to ARM
based PDAs as well.
Take a look at the project at
http://openvpn.sourceforge.net/ If this
is the way you want to go, drop me an e-mail off list, and I'll give you
a hand.
--
Chris Lewis
shadow@digitalnirvana.com
----------------------------------------
If it compiles, it is good, if it boots up it is perfect.
- Linus Torvalds
----------------------------------------