XPost: comp.dcom.sys.cisco, comp.os.linux.networking, microsoft.   
   ublic.windows.server.networking   
   From: david@westcontrol.removethisbit.com   
      
   Stefan Monnier wrote:   
   >> IPSEC is very widely used for infrastructure VPNs and is not   
   >> proprietary.  Cisco interoperates with Checkpoint interoperates with   
   >> Draytek interoperates with OpenVPN ....... Never found a problem in   
   >> dozens of cases.   
   >   
   > In which sense do they "interoperate"?   
   >   
   >> OpenVPN is proprietary and will not work with a Draytek router.   
   >   
   > In which sense is OpenVPN proprietary?   
   >   
      
   I think the poster means that the protocol is not an official standard   
   held by an independent body.  That's true, even though it is built   
   around existing standards and is freely available.   
      
   >> If you do not, setting up and maintaining this simply to support a few   
   >> dialup VPN clients is a big ask. Making a few changes to your firewall for   
   >> GRE is pretty minor by comparison.   
   >   
   > I went to the trouble of setting up a personal OpenVPN server (and   
   > corresponding clients) specifically because of the endless problems   
   > I had with firewalls when using PPTP (and I don't know about other   
   > people, but I can't make any change to most of the firewalls to which   
   > I'm exposed; and even when I could I still had problems when several   
   > machines within the same NAT subnet tried to use the same VPN).   
   >   
      
   I have no doubt that OpenVPN is much easier to configure and work with   
   both for the server and clients.  Most of the servers I have configured   
   have been on small, cheap LinkSys routers using OpenWRT, with multiple   
   OpenVPN configurations - an independent OpenVPN network for each network   
   port on the device.  Different clients have OpenVPN connections to   
   different servers, and can easily connect to or disconnect from the   
   networks as they require.  Each server can have multiple clients for the   
   different VPN networks as needed.  Each client can be connected to   
   multiple servers.  And both the servers and clients are typically behind   
   at a NAT router.  This kind of flexibility is simply impossible with   
   other VPN solutions.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)