I’m looking into setting up a VPN for a client between his home & office and wondering the best solution to use. On the one hand I could try openVPN and do the software solution. Pros for this are 1) cost 2) actually learn the ins & outs of setting things up and 3) probably more configurable.
The other option would be a hardware VPN. I could just buy this for $70 shipped and spend a few minutes setting things up. Pros for this option are 1) time 2) time 3) simplicity.
If anyone has any experience setting up a VPN and could lend some wisdom I’d appreciate some feedback.
OpenVPN rules. Like the rest of OpenSource, learn it once and leverage it for the rest of your life. Very flexible and ofter better then the cheap hardware VPNs.
nicely summed up Gabriel .. very very true.
I’ve used both and there are obviously tradeoffs. The dealbreaker for me is that OpenVPN supports Linux well and I couldn’t get IPSEC to work for the life of me. If you choose OpenVPN you’re limited to tunnels with other OpenVPN endpoints, but in my experience you’re about that limited with VPN hardware as interoperability seems to be the lowest priority.
It also really drives me nuts using any hardware or software that places arbitrary limits on functionality just for profit’s sake. OpenVPN is inifinitely configurable.
I guess you might want a hardware VPN if you need a vendor contract or you’re pushing more data than a generic CPU can handle. Some of the unified management capabilities are nice and I guess some people like a GUI. You’ll only get the last with the $70 Linksys.
“Pros for this are 1) cost 2) actually learn the ins & outs of setting things up and 3) probably more configurable.” and 4) A LOT EASIER
Hardware VPN: “I could just buy this for $70 shipped and spend a few minutes setting things up. Pros for this option are 1) time 2) time 3) simplicity.” WRONG. Do you already understand IPSec? Plan on a week to figure that beast out. Then plan on hours to week(s) getting it to work right.
I’ve done lots of VPNs: hardware (they’re all ipsec), software ipsec, PPTP, and openvpn. ipsec is an interop nightmare, so in practice you’re just as limited with ipsec as with openvpn. pptp is arguably easier to set up on the windows client side (but not on linux clients), and definitely less secure. openvpn is secure (based on time-tested openssl), flexible, easy, has clients on all three platforms, and just plain the best choice. Believe me.
well, I have used home VPN hardware like the Linksys. But I have used Cisco VPN hardware… the Cisco PIX 501 client hardware router and the Cisco VPN 3000 concentrator… these are not OS dependant and work great. And I have use the Cisco software for XP laptops as clients. I am sure there are linux clients as well if you didn’t want to use a hardware client. Though I still think the hardware route is easier. But more expensive.
I recently had the opportunity to actually try Netopia R910 series. Supports up to 16 VPN tunnels, configured using PPTP which is their recommended way for office-to-office. It works great. Stable and affordable. I believe the newer versions for small-medium businesses are 33xx series which Motorola bought this division.
I have experience being an end-user of OpenVPN and have seen highs and lows of the “free” product. There are more things to consider using openVPN, the server your going to run it on the interfaces to connect etc.. it’s cheaper if you already have a linux server with multiple ethernet adapters that you can just install openVPN then connect it on the network. If not you’re putting together a machine for it? Some things to think about. Although if you’re building out a large network infrastructure then using openVPN may probably be more feasible as the company may require more tunnels then 15 and need a lot more flexibility.
good and to point!
OpenVPN is problematic with iPhone or Android, it’s possible to use it’s not that easy.