Donovan R. Palmer wrote:
> I am reading the docs for m0n0wall in preparation of setting up an
> install this week. I wondered if someone could tell me which VPN is
> better for travellers accessing the LAN via VPN with WinXP laptops?
> PPTP or IPsec?
>
really depends on a couple of things.
1. is the m0n0 box on a static IP? the ipsec implementation requires at
least one static IP.
2. Do you just want to be able to "get into the LAN", or do you need
real security? PPTP is far less secure than ipsec, and I base that on
absolutely nothing right now, because I am too lazy to pull up the
relevant sources :)
3. Are the road warriors behind restrictive firewalls that do not let IP
protocol 50 through? no ipsec for you.
4. Ease of use - last time I tried to connect windows 2000 to freeSWAN,
it was a weekend project. I did not want to pay for a third-party ipsec
client for windows, and the built-in one doesn't follow all the
standards. Dunno if that improved in XP.
if you want the best of both worlds (i.e., ease of use of PPTP on
windows, but decent security), I still highly recommend OpenVPN. Either
set up an openVPN box in the LAN, or grab one of Peter Allgeyer's
images, that's what I have been using for over a year, rock solid. Wife uses
a wireless laptop at home and can only get out through an openVPN tunnel
(starts automatically upon starting the laptop, default route gets
pushed by the server), I work from everywhere behind all kinds of
firewalls and have it listen on a tcp port (not changing the default
route, just to get to my internal machines at home), never had a problem.
Even works with certificates, don't have to rely on PSK.
just some food for thought
Sven
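
An OpenVPN configuration sketch for the setup described in the message above (TCP listener, certificate authentication instead of a PSK, default route pushed to one client but not the other). This is an added example, not Sven's configuration; every path, subnet, hostname, port and client name in it is an assumption.

```conf
# ---- server.conf (assumed location: /etc/openvpn/server.conf) ----
proto tcp                 # listen on TCP so clients behind strict firewalls can connect
port 1194                 # assumed port; choose one the remote firewalls let out
dev tun

# Certificate-based authentication (no static pre-shared key)
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key     # keep readable by root only
dh   /etc/openvpn/dh.pem

server 10.8.0.0 255.255.255.0    # assumed tunnel subnet
client-config-dir /etc/openvpn/ccd   # per-client options, file name = certificate CN
keepalive 10 120
persist-key
persist-tun

# ---- ccd/wireless-laptop (assumed CN of the laptop's certificate) ----
# Force all of this client's traffic through the tunnel.
push "redirect-gateway def1"

# ---- ccd/roadwarrior (assumed CN of the travelling client) ----
# Leave the default route alone; only route the home LAN (assumed 192.168.1.0/24).
push "route 192.168.1.0 255.255.255.0"

# ---- client.conf (on each laptop) ----
client
proto tcp
remote vpn.example.org 1194      # placeholder hostname
dev tun
ca   ca.crt
cert client.crt
key  client.key
remote-cert-tls server           # reject peers that do not present a server certificate
persist-key
persist-tun
```

Because the per-client files are matched on the certificate common name, each laptop needs its own certificate, which also allows a lost laptop to be revoked individually.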