[c-nsp] VPN Device

bill fumerola billf at mu.org
Thu Dec 7 12:52:02 EST 2006


On Wed, Dec 06, 2006 at 06:43:55PM -0500, Jeff Kell wrote:
> bill fumerola wrote:
> > my current mantra is ipsec for site-to-site and openvpn for users.
> 
> Excuse what may be a stupid question, but will openvpn work with, say, a
> PIX or 3000 concentrator?  Easily, or is a large hammer required?

the openvpn offering is a server and a client. it's ssl/tls based, not
to be confused with some vendors' https-based offerings. it would require
a hammer, shoehorn, crowbar, pix source code, cross-compiler, and vaseline.

> A "howto" example would be great, especially if it's easier than pushing
> cisco VPN clients around.

http://openvpn.net/howto.html

at $dayjob we roll/distribute a per-user macosx mpkg that contains
tunnelblick, the user's certificate, and the config file.

the amount of specific information required in the package/client you
push around is related to the degree of security it provides. the range
is roughly from "anyone who gets this config gets into your vpn" to "user
must have an X509 cert signed by an authority the admin trusts".

-- bill
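
The range described in the message above shows up directly in the directives of the client config that gets packaged. The following is an added example, not part of the original message: a Python check that classifies an OpenVPN client config by how the client authenticates. The sample configs, hostnames, file names and tier labels are constructed for illustration, and inline `<ca>`-style blocks are not handled.

```python
import re

# Constructed sample client configs (hostnames and file names are made up).
STATIC_KEY_CONF = """\
remote vpn.example.org 1194
dev tun
secret static.key
"""

PER_USER_CERT_CONF = """\
client
remote vpn.example.org 1194
dev tun
ca ca.crt
cert alice.crt   # per-user certificate signed by the admin's CA
key alice.key
remote-cert-tls server
"""

SERVER_CHECKS = ("remote-cert-tls", "verify-x509-name", "ns-cert-type")

def directives(conf_text):
    """Map each directive name to its arguments, ignoring # and ; comments."""
    found = {}
    for line in conf_text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            found[name] = args
    return found

def classify(conf_text):
    """Return (tier, notes); the tier labels are this example's own."""
    d = directives(conf_text)
    if "secret" in d:
        return "shared-static-key", ["one key file shared by every holder"]
    notes = []
    if not any(name in d for name in SERVER_CHECKS):
        notes.append("server certificate purpose/name is not checked")
    if ("cert" in d and "key" in d) or "pkcs12" in d:
        return "per-user-x509", notes
    if "auth-user-pass" in d:
        return "password-only", notes + ["no client certificate presented"]
    return "unknown", notes + ["no client credential directive found"]

if __name__ == "__main__":
    for label, conf in (("static", STATIC_KEY_CONF), ("pki", PER_USER_CERT_CONF)):
        print(label, classify(conf))
```
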



