LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-24-2009, 03:39 PM   #1
nima0102
Member
 
Registered: Nov 2006
Posts: 209

Rep: Reputation: 30
site-to-site VPN


Hi
I want to implement VPN between 2 servers, May one guide me for select one solution for this purpose ??? GRE or OpenVPN or IPsec and etc ..
thanks for you reply
 
Old 03-25-2009, 08:21 AM   #2
arfon
Member
 
Registered: Apr 2004
Location: Texas
Distribution: Slackware
Posts: 201

Rep: Reputation: Disabled
Use OpenVPN. It's the most common and it works great. ...and there's 50,000,000 HOWTOs and guides out there for it.
 
Old 03-25-2009, 08:52 AM   #3
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
Beg to disagree OpenVPN is not even an internet standard. IPSEC is the most common and vendor inter operable
 
Old 03-25-2009, 01:18 PM   #4
arfon
Member
 
Registered: Apr 2004
Location: Texas
Distribution: Slackware
Posts: 201

Rep: Reputation: Disabled
I'm not saying that you are wrong but, everyone I know runs OpenVPN. If he controls the servers, does it matter if OpenVPN doesn't follow a standard?

OpenVPN is much easier to get going.

I still say go with OpenVPN.
 
Old 03-25-2009, 01:29 PM   #5
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
IPSEC security is considered stronger than SSL based VPN's like OpenVPN, given the fact that he wants a tunnel between the two servers am guessing he needs to protect the traffic between them.

Most folks turn to Openvpn because they can not handle the "complexity" of configuring IPSEC tunnels.
 
Old 03-25-2009, 01:59 PM   #6
arfon
Member
 
Registered: Apr 2004
Location: Texas
Distribution: Slackware
Posts: 201

Rep: Reputation: Disabled
I think you just made the decision for him...

If he needs it to be super secure and the complexity doesn't scare him, he'll probably use IPSEC.

If he just needs to keep riff-raff out and needs an easy setup, he'll probably go with OpenVPN.


That was a good summation.
 
Old 03-25-2009, 03:41 PM   #7
okcomputer44
Member
 
Registered: Jun 2008
Location: /home/laz
Distribution: CentOS/Debian
Posts: 244

Rep: Reputation: 52
I think openvpn is far away of easy configuration.

I would say like to configuring sendmail. (I've been using sendmail for 7 years so I know)

Anyway
I just wondered few months ago run openvpn on windows<=>linux and I found many parts is not even easy it is just a nightmare.

Between linux boxes (fedora,centos,redhat)you can use network configuration to setup ipsec vpn. There is a wizard under that.

So about 10 click and the ipsec vpn runs.

This is done in ~100 steps under openvpn.
So I would say in this case avoid openvpn and use ipsec.
 
Old 03-26-2009, 04:23 AM   #8
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
i have used poptop, openvpn before, and had to use IPSEC yesterday. i was trying to create a VPN tunnel between linux and jupiter, so IPSEC is the only option. servers generally dont have GUI, it means no gui tool. also gui tool would not be enough for a specific configuration. it was really nightmare, and it is still nightmare.. because it doesn't work correctly. i hope i will make it work today..

i can say that openvpn is easier than IPSEC on servers (without gui).

best regards
 
Old 03-26-2009, 10:53 AM   #9
nima0102
Member
 
Registered: Nov 2006
Posts: 209

Original Poster
Rep: Reputation: 30
thanks for your attention
in our case, the encryption is not important, and we need a tunneling solution with smallest overhead in tunnel, which one of these solution has smallest overhead ??
thanks for any help or guide
 
Old 03-26-2009, 10:56 AM   #10
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
Then why do u actually need at tunnel ? when you could just transmit via normal TCP/IP anyway you can use ipip tunnels which are very easy to setup using the ip tool.
 
Old 03-26-2009, 04:37 PM   #11
nima0102
Member
 
Registered: Nov 2006
Posts: 209

Original Poster
Rep: Reputation: 30
thanks for your quick reply
I am going to test ipip
May you give me a overhead comparison between IPIP and IPsec and GRE andOpenVPN ??
thanks for any help or guide
 
Old 03-26-2009, 05:21 PM   #12
TheGorf
LQ Newbie
 
Registered: Feb 2009
Posts: 11

Rep: Reputation: 0
Add me to the list of OpenVPN frustrated users. SSL works well for basic VPN for some remote roaming users and stuff, but damn... i've spent a week trying to get my OpenVPN running (thread is in this forum). I can't get it to work for anything.

For site to site where my security is important I use IPSEC which is industry standard and well supported. FreeSwan works well though it has a level of complexity to it as well.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Site to Site VPN - Internet browsing bence8810 Linux - Networking 2 04-19-2008 11:56 AM
Public IP's for site to site VPN prashanlk Linux - Networking 3 12-16-2007 12:19 PM
apache2 vhost site makes default site inaccessible jyamada1 Linux - Server 4 01-17-2007 08:42 PM
VPN from Remote Site! kofi Linux - Security 2 03-28-2006 03:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration