Security Basics mailing list archives
Re: Deploying SSL-based VPNs
From: Miguel Dilaj <miguel.dilaj () oissg org>
Date: Thu, 30 Mar 2006 16:30:33 +0100
Hi there!We didn't had any issues other than the need to install it on all laptops (that surely can be scripted somehow...). After the mandatory Windows reboot, the user simply got the CA cert, the user cert, the user private key, and the config files (as mentioned before, we have 2, one that puts the default route through the VPN, and other that simply adds routes to our servers). Starting the VPN is right clicking on the icon and selecting which config you want to use, then enter your private key's password, and start sailing ;-)
In theory you can go completely clientless by using an IPSec VPN, and the IKE/IPSec functionality of Windows XP. In practice I attempted that, and didn't like it for several reasons, one of which being that we want to be able from many places, including customers, sometimes over proxies, etc., and all this is impossible with IPSec.
For the records, before moving to OpenVPN we used FreeSWAN. It worked, with the limitations mentioned in the paragraph above.
Cheers, Miguel Joe wrote:
Hello MiguelThanks for sharing your experience. I'm not wondering that OpenVPN works fine. You pointetd out that the deployment of the certificates was a pain. How about deploying the software? Here I see the advantage of clientless remote access solutions. They usually just download a java or active-x client which uses the web-browser as the VPN-endpoint. The advantages of clientless VPN's are of course the deployment. However cost and application support of a solution like OpenVPN are much better.Thanks Nik
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Deploying SSL-based VPNs Joe (Mar 29)
- Re: Deploying SSL-based VPNs Miguel Dilaj (Mar 30)
- Message not available
- Re: Deploying SSL-based VPNs Miguel Dilaj (Mar 30)
- Message not available
- Re: Deploying SSL-based VPNs Miguel Dilaj (Mar 30)
- Re: Deploying SSL-based VPNs Saqib Ali (Mar 30)
- Re: Deploying SSL-based VPNs Alice Bryson (Mar 31)
- <Possible follow-ups>
- RE: Deploying SSL-based VPNs Hayes, Ian (Mar 30)
- RE: Deploying SSL-based VPNs Charles Hammett (Mar 30)
- RE: Deploying SSL-based VPNs Beauford, Jason (Mar 30)