[AusNOG] VPN Virtual appliance recommendations
Kristoffer Sheather @ CloudCentral
kristoffer.sheather at cloudcentral.com.au
Thu Dec 3 07:28:26 EST 2015
VyOS.
Regards,
Kristoffer Sheather
----------------------------------------
From: "Michael Rave" <michael at crossivity.com>
Sent: Thursday, December 3, 2015 3:47 AM
To: "Jonathan Thorpe" <jthorpe at Conexim.com.au>
Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
Subject: Re: [AusNOG] VPN Virtual appliance recommendations
On 03 Nov 2015, at 01:50, Jonathan Thorpe <jthorpe at Conexim.com.au> wrote:
RouterOS is pretty good with OpenVPN, but there's a major limitation with it - at last check, it only supports TCP based connections and not (what I would have thought were) the more common UDP. It works, but TCP in TCP is bad for performance.
There might be a way to do part of the auth on RouterOS with RADIUS, but it still needs a Client Certificate installed on each instance of the machine. These can of course be transferred over SSH, but that's a lot to sync.
My experience with RouterOS and OpenVPN isn't that good. Whenever you type in the wrong password is just keeps trying to connect instead of giving an authentication failure warning. You also can't use the "Force AES-CBC ciphersuites" option.
For now I'm using pfSense, although I don't use it with xx000's users, but have used it with x00's users without any problem.
Regards,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20151203/8519299a/attachment.html>
More information about the AusNOG
mailing list