Initial VPNing Questions
-
@nadnerB said:
Are there other alternative solutions (to Pertino & OpenVPN) to be considered?
IPSec is the most common and what nearly all businesses use. When people say VPN and don't say what kind (like on SpiceWorks) they universally mean IPSec. Often people think that IPSec is the only VPN, which is a bit crazy considering how new it is in VPN terms.
Some Windows folks from the NT4 era actually still use PPTP (PopTop on Linux) for VPN. Easy and insecure.
SSH can be used to make VPN tunnels.
-
@nadnerB said:
Well, a dig through their, recently discovered, Knowledge Base provided this gem:
Q: Can Pertino be used as the Internet gateway for a remote client?
A: We are working a feature that will allow you to tunnel internet traffic in the near future.
https://support.pertino.com/hc/communities/public/questions/201687509-Route-Internet-Traffic-Through-Pertino?locale=en-us
So, it looks like it'll be OpenVPN or similar.
Pertino is a full mesh VPN. Using it as a gateway kills most of its features. If you use Pertino you will almost instantly see why a gateway would not make a lot of sense, at least not easily, for the product.
-
@nadnerB said:
Are there other alternative solutions (to Pertino & OpenVPN) to be considered?
@scottalanmiller said:
IPSec is the most common and what nearly all businesses use.
I prefer OpenVPN for basic deployment because it is generally simpler to make stable and because no deployments that I am involved in need more throughput than I can get out of OpenVPN.
IPSEC has support for hardware offload of the encryption in almost every router on the planet, so if you need a level of throughput that OpenVPN begins to choke on then go with IPSEC.
I always have problems with IPSEC staying connected, or more specifically successfully reconnecting after a peer goes dead or misses too many heartbeats.
Once an IPSEC design is stable they are generally rock solid, but they seem to take more work than OpenVPN.
-
There's TINC as well for full mesh VPN
-
And Hamachi too, although not on Linux and it has not been maintained in many years and the company behind it is a shambles.
-
@scottalanmiller said:
And Hamachi too, although not on Linux and it has not been maintained in many years and the company behind it is a shambles.
Prior to LogMeIn purchasing Hamachi (in 2006), I used and liked the service. It was not the Zero Config solution it is now, but it was a great service. It went the way of everything else LogMeIn has.
-
We used it long ago too. It used to have a Linux client too! It has gone downhill a lot.
-
@scottalanmiller said:
We used it long ago too. It used to have a Linux client too! It has gone downhill a lot.
It still does.
-
@JaredBusch said:
@scottalanmiller said:
We used it long ago too. It used to have a Linux client too! It has gone downhill a lot.
It still does.
It does? Every time I've looked in the last few years, it had been removed.
-
@scottalanmiller said:
It does? Every time I've looked in the last few years, it had been removed.
I was going to check again to confirm, but it looks like you cannot even see anything without signing up for a logmein account. Screw that.