Neil Broadley wrote:
> 2010/1/4 Mathias Gug <email@example.com <mailto:firstname.lastname@example.org>>
> On Mon, Jan 4, 2010 at 1:33 PM, Martin Pitt
> <email@example.com <mailto:firstname.lastname@example.org>> wrote:
> > Hello Mathias,
> > Mathias Gug [2010-01-04 12:23 -0500]:
> >> If not the following packages could be demoted to universe:
> >> * ipsec-tools (and racoon) given its vulnerability history
> > Some years ago I actually used ipsec-tools (not racoon) to setup
> a VPN
> > in our university, but nowadays I'm using openvpn; it's simpler
> to set
> > up, and is supported with more devices (mobile phones, routers,
> Agreed. It seems that there are at least two solutions to implement a
> VPN in main: OpenVPN and IPSEC. I wonder how popular are IPSEC-based
> VPNs nowadays?
> Any decent sized corporate will still almost certainly be based on
> IPSEC. I haven't encountered a single corporate environment deploying
> OpenVPN or SSL solutions when you're talking site to site - everything
> is IPSEC gateway to gateway.
I agree, most corporate enviroments use ipsec for site-to-site using
some kind of appliance, or even for roadwarriors, I still have som
dapper boxes using openswan on to connect a remote site to sonicwalls
appliances, cisco, even linksys and others.
I have read most appliance manufacturs test their boxes agains openswan
because is more standard in regard to ipsec suite protocols, another
point for ipsec is that it complaint with most security requiermentos
for remote access.
I use and promote openvpn for small business for site-to-site and
roadwarriors but, I can't connect my nokia phone to the vpn so I use
> My experience is entirely based within the financial sector however,
> so may be biased.
> Your question "how popular are IPSEC VPNs these days" is probably more
> "how popular are they with Ubuntu or Linux users?" and is probably
> answered, "not very". I can't think of many instances where you would
> use IPSEC to connect a peer to a gateway. Checkpoint tried that with
> their SecureClient product and there's a good reason ti's largely
> discontinued now (although, strangely, still supported). It's a
> horror, and you're better off with SSL solutions, such as OpenVPN or
> Cisco's ASA devices (also SSL based, I believe) or even Citrix access
> gateway or whatever Xen-based name it's called now (although last I
> looked a couple of years back, there was no Linux client for that).
> But in my experience, if you want to connect site to site, IPSEC is
> still the only way to go, because you don't need a client. At all.
> Which means, yes, it's slightly more difficult to set up, but it means
> that any equipment can use that VPN, since it's based on the gateway,
> not on the client.
> Mathias Gug
> Ubuntu Developer http://www.ubuntu.com
> ubuntu-devel mailing list
> email@example.com <mailto:firstname.lastname@example.org>
> Modify settings or unsubscribe at:
Jorge Armando Medina
Computación Gráfica de México
Tel: 55 51 40 72, Ext: 124
GPG Key: 1024D/28E40632 2007-07-26
GPG Fingerprint: 59E2 0C7C F128 B550 B3A6 D3AF C574 8422 28E4 0632
ubuntu-server mailing list
More info: https://wiki.ubuntu.com/ServerTeam