+ Post New Thread
Results 1 to 10 of 10
Wireless Networks Thread, VPN showdown: IPSec vs SSL vs client-less SSL in Technical; I came across this article which disscusses the various options for VPN. The general bias appears to be OpenVPN (SSL ...
  1. #1

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    19

    VPN showdown: IPSec vs SSL vs client-less SSL

    I came across this article which disscusses the various options for VPN.

    The general bias appears to be OpenVPN (SSL VPN) good, IPSec bad,

    Client-less SSL VPN is also frowned upon. I guess this touches upon SSL Explorer which was recommened in Cowman's remote access thread


    I am tempted to go the SSL way but wonder if there would be a performance penalty. Faterall IPSec is emplemented at kernel level and so should be faster.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: VPN showdown: IPSec vs SSL vs client-less SSL

    Also look at FreeS/WAN.

    http://www.freeswan.org/

    Also don't forget PPTP.

    http://www.poptop.org/

  3. #3

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    19

    Re: VPN showdown: IPSec vs SSL vs client-less SSL

    Quote Originally Posted by Geoff
    Also look at FreeS/WAN.

    http://www.freeswan.org/

    Also don't forget PPTP.

    http://www.poptop.org/
    Geoff you are joking aren't you?

    The last post on the FreeSWAN website is in 2003. The latest verion of OpenVPn was released ttwo weeks ago.

    and even Microsoft are moving away from PPTP.

    Not more help for the script kiddies, eh Geoff?

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: VPN showdown: IPSec vs SSL vs client-less SSL

    Sorry, VPN isn't something I've really looked at recently.

    even Microsoft are moving away from PPTP.
    Someone better tell CLEO then. We're using PPTP here in Cumbria/Lancashire for our VPN remote access solution because apparently it's 'more secure' than IPSec....

  5. #5

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    19

    Re: VPN showdown: IPSec vs SSL vs client-less SSL

    Quote Originally Posted by Geoff
    Someone better tell CLEO then. We're using PPTP here in Cumbria/Lancashire for our VPN remote access solution because apparently it's 'more secure' than IPSec....
    Have a look at this warning about PPTP posted on the poptop website.
    The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks.
    One of the problems it has is that it's vulnerbale to offline cracking a bit like WEP.

    The reason it's still used might because of ease of configuration and ubequity (it is included in Windows clients).

    Complexity can often be an enemy of security such as with the post-it note syndrome when it comes to using strong passwords.

    Another reason for continued PPTP use might be that NAT routers are not so kind to IPSec.

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: VPN showdown: IPSec vs SSL vs client-less SSL

    Ah I see. I shall pass this info on.

  7. #7

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    115

    Re: VPN showdown: IPSec vs SSL vs client-less SSL

    Mmm.. I had some involvement with the early "PPTP is Icky" uh.. campaign back when it was much, much worse.

    The 'Why not use PPTP?' comments on lack of two-factor authentication and sniffing have been true pretty much forever. However it's only "trivial" to break given a rubbish password.. and unlike ye olde LM Hash thing, you can't crack two or more passwords at the same time.

    IPSec (a good idea at the start) was murdered by a 10+ year committee design process, but when implemented wisely it's clearly more secure than PPTP.

    SSL tunnels (with mutual authentication i.e. server & client certs) are my favourite too.

  8. #8


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: VPN showdown: IPSec vs SSL vs client-less SSL


    The last post on the FreeSWAN website is in 2003. The latest verion of OpenVPn was released ttwo weeks ago.
    FreeSwan forked a while back to OpenSwan and StrongSwan

    http://www.openswan.org/
    http://www.strongswan.org/

  9. #9

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    738
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    37

    Re: VPN showdown: IPSec vs SSL vs client-less SSL

    Quote Originally Posted by Geoff
    Sorry, VPN isn't something I've really looked at recently.

    even Microsoft are moving away from PPTP.
    Someone better tell CLEO then. We're using PPTP here in Cumbria/Lancashire for our VPN remote access solution because apparently it's 'more secure' than IPSec....
    I think its the combination of L2TP/IPSEC that is more secure.

    Window 2000 + has the client built in.

    Ashok.

  10. #10


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: VPN showdown: IPSec vs SSL vs client-less SSL

    Quote Originally Posted by ashok
    Quote Originally Posted by Geoff
    Sorry, VPN isn't something I've really looked at recently.

    even Microsoft are moving away from PPTP.
    Someone better tell CLEO then. We're using PPTP here in Cumbria/Lancashire for our VPN remote access solution because apparently it's 'more secure' than IPSec....
    I think its the combination of L2TP/IPSEC that is more secure.

    Window 2000 + has the client built in.

    Ashok.
    Theres a good L2TP/Ipsec resource here, http://www.jacco2.dds.nl/networking/freeswan-l2tp.html
    along with a windows integration howto http://www.jacco2.dds.nl/networking/...-freeswan.html

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 6
    Last Post: 11th July 2007, 03:32 PM
  2. L2TP/IPSEC based VPN using ISA Server
    By Norphy in forum Wireless Networks
    Replies: 2
    Last Post: 22nd June 2007, 02:13 PM
  3. IPSec
    By k-strider in forum Wireless Networks
    Replies: 5
    Last Post: 24th October 2006, 10:05 PM
  4. Lockdown showdown: NetOp, Net Support, Ranger, LanView
    By ITWombat in forum How do you do....it?
    Replies: 45
    Last Post: 27th April 2006, 04:55 PM
  5. ipsec
    By browolf in forum Wireless Networks
    Replies: 6
    Last Post: 16th December 2005, 03:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •