|
|
One point I haven't seen anyone mention yet in this thread is that OpenVPN is for creating and encrypting a *virtual* network, meaning a new network with new IP addresses. IPSec does not create a new network with new IP addresses, it encrypts traffic on a network while using the network's existing IP addresses. This is a pretty fundamental difference. In particular, IPSec lets the network administrator maintain control over (and keep track of) who can connect to whom while preventing him/her from monitoring what's being said. An OpenVPN-style VPN, once established, hides not only what is being said but to whom it's being sent. In a corporate environment, especially within a large corporation, there may be policies the network administration is supposed to enforce about who can talk to whom. IPSec lets the network administration enforce them while not being privy to the communication itself - that is, network admins can enforce company policy without having access to company secrets, personnel records, bank and credit card records, etc. OpenVPN is designed to hide everything, which is of course what even a large corporation wants for communication across a public network. On a private LAN, this can become a way for circumventing policy, giving people a way to access things they should not have accces to without their access being detected. -- Dick St.Peters, stpeters@xxxxxxxxxxxxx ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |