Re: [Openvpn-users] advantages of openvpn over RRAS


  • Subject: Re: [Openvpn-users] advantages of openvpn over RRAS
  • From: Giancarlo Razzolini <linux-fan@xxxxxxxxxxx>
  • Date: Sat, 12 Nov 2005 00:18:38 -0200

Kent Tong wrote:
> Hi,
> 
> I was wondering what the advantages of openvpn over RRAS in
> Windows are? For example, in functionality, stability, resistance to
> network outages, security and performance? Or, to put it another
> way, if a company has a Windows server and would like to build
> a VPN for users to connect from home, why should it choose openvpn
> instead of the builtin RRAS?
> 
> Thanks!
Only one thing: security.

As far as I'm concerned, RRAS uses an L2TP/IPSec solution. AFAIK, for
IPSec to be NAT-Traversal, it has to have only the ESP part of the
IPSec protocol; since any kind of NAT alters the source and/or
destination address, you should forget the additional security that AH
gives to you. Secondly, L2TP isn't exactly a secure protocol. It surely
does better than PPTP, but I wouldn't try to build anything "secure"
with it. I believe that there was a bug in the IPSec protocol, when only
using the ESP, because of the NAT-T. On the other hand, OpenVPN doesn't
have any problems with NAT, uses only one UDP or TCP port, and you can even
do two-factor authentication, either with only certificates and
passwords, or with a smartcard and passwords. It does scale well, and
has better security than L2TP/IPSec, because you can use a shared
key to authenticate every header of the packets arriving, so it can
compare with the AH part of the IPSec. So, I don't see any reason for
you to use RRAS, and many reasons to use OpenVPN.

My regards,

-- 
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informática
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
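
The NAT argument in the reply above, as an added example that is not part of the original post or of OpenVPN's code: a toy model in which an integrity check that covers the IP addresses fails after source NAT, while a shared-key MAC over the payload alone still verifies and still rejects tampering. The key, addresses and packet layout are constructed for illustration and are not the AH or OpenVPN wire format.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret


def covered_bytes(pkt: dict) -> bytes:
    """Bytes the integrity check protects in this toy model."""
    data = pkt["payload"]
    if pkt["covers_addresses"]:  # AH-style: the IP addresses are included
        addrs = (ipaddress.ip_address(pkt[f]).packed for f in ("src", "dst"))
        data = b"".join(addrs) + data
    return data


def mac(pkt: dict) -> bytes:
    """HMAC-SHA256 over the covered bytes, keyed with the shared key."""
    return hmac.new(KEY, covered_bytes(pkt), hashlib.sha256).digest()


def make_packet(src: str, dst: str, payload: bytes, covers_addresses: bool) -> dict:
    pkt = {"src": src, "dst": dst, "payload": payload,
           "covers_addresses": covers_addresses}
    pkt["mac"] = mac(pkt)
    return pkt


def nat_rewrite(pkt: dict, public_src: str) -> dict:
    """Source NAT: swap the private source address, leave everything else."""
    return {**pkt, "src": public_src}


def verify(pkt: dict) -> bool:
    """Receiver recomputes the MAC over what actually arrived."""
    return hmac.compare_digest(pkt["mac"], mac(pkt))


if __name__ == "__main__":
    # Constructed addresses from the RFC 1918 / RFC 5737 ranges.
    for covers, label in ((True, "addresses covered"), (False, "payload only")):
        sent = make_packet("192.168.1.10", "203.0.113.5", b"hello", covers)
        natted = nat_rewrite(sent, "198.51.100.7")
        forged = {**natted, "payload": b"hellp"}
        print(label, verify(sent), verify(natted), verify(forged))
```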