A spirited article on VPNs recommends OpenVPN, being a userland deamon that obviates all the IPSec kernel stuff and lets you install and configure easily. Especially useful to get a view on the two alternates, IPSec and SSL VPNs, but make sure you read the comments to get the old guard's replies.
http://software.newsforge.com/article.pl?sid=05/09/22/164231&tid=78&pagenum=2
I don't like VPNs much myself, and OpenVPN looks like it has the same problem: how do you know it is turned on? For my money, security begins and ends at the Application, that which we call the Finance layer, and VPNs are just too remote for that to work out.
Posted by recommending OpenVPN - the competition! at December 25, 2005 07:31 PMYou didn't see my wiki entry about openvpn?
uses OpenWrt and OpenVPN to make a super cheap embeded wifi/vpn router :)
http://wiki.cacert.org/wiki/OpenWRT
Posted by Duane at December 27, 2005 11:39 AMWill the new ssh-vpn not use TCP to transport the underlying packets? I've been using ppp-over-ssh as a VPN for almost a decade: it's super-easy to set up, and the only privilege you need is being able to run pppd. But since everything gets tunnelled over TCP, lots of Badness starts happening when packets start getting lost.
Posted by Ian at December 27, 2005 11:41 AMOpenVPN is my preferred option since it uses UDP for transport rather then TCP
Posted by Duane at December 27, 2005 12:33 PM