[AusNOG] VPN Virtual appliance recommendations
Michael Rave
michael at crossivity.com
Thu Dec 3 03:46:34 EST 2015
> On 03 Nov 2015, at 01:50, Jonathan Thorpe <jthorpe at Conexim.com.au> wrote:
>
> RouterOS is pretty good with OpenVPN, but there’s a major limitation with it – at last check, it only supports TCP based connections and not (what I would have thought were) the more common UDP. It works, but TCP in TCP is bad for performance.
>
> There might be a way to do part of the auth on RouterOS with RADIUS, but it still needs a Client Certificate installed on each instance of the machine. These can of course be transferred over SSH, but that’s a lot to sync.
My experience with RouterOS and OpenVPN isn't that good. Whenever you type in the wrong password is just keeps trying to connect instead of giving an authentication failure warning. You also can't use the "Force AES-CBC ciphersuites" option.
For now I'm using pfSense, although I don't use it with xx000's users, but have used it with x00's users without any problem.
Regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20151202/870140e5/attachment.html>
More information about the AusNOG
mailing list