Menu
▾
▴
openvpn-users
|
From: Theepan <to...@li...> - 2002-03-31 11:42:36
|
Hello, Can OpenVPN for Linux connect to a Windows NT/2000 VPN Server, and vice versa - can a Windows VPN Client connect to OpenVPN? If so, can anyone mention any VPN clients (or servers), that is compatible with OpenVPN? Thanks in advance, -- Theepan |
|
From: bishop <bi...@pl...> - 2002-03-31 11:46:58
|
Theepan wrote: > Hello, > > Can OpenVPN for Linux connect to a Windows NT/2000 VPN Server, and vice > versa - can a Windows VPN Client connect to OpenVPN? OpenVPN uses the Linux TunTap driver, version 1.1 for kernel 2.2 and version 1.4 delivered with kernel 2.4 . The TUN interface has not been delivered for Windows. There is an effort, and the vtun-users or vtun-devel list tracks the progress. Go search. The TUN device is a sub-project or co-project of the VTun project, which is why it uses the same lists. > If so, can anyone mention any VPN clients (or servers), that is compatible > with OpenVPN? As above may imply, no. > Thanks in advance, > > > -- > Theepan > > > _______________________________________________ > Openvpn-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-users -- Excellent... rime ice, a summit ridge, small trees blanketed in snow and ice like legions of twisted killer mutant deranged snow goons. -- Erick DeOliveira 20020208 Describing his first Winter Ascent |
|
From: Theepan <to...@li...> - 2002-03-31 16:30:13
|
> Theepan wrote: > > Hello, > > > > Can OpenVPN for Linux connect to a Windows NT/2000 VPN Server, and vice > > versa - can a Windows VPN Client connect to OpenVPN? > > OpenVPN uses the Linux TunTap driver, version 1.1 for kernel 2.2 and > version 1.4 delivered with kernel 2.4 . > > The TUN interface has not been delivered for Windows. There is an effort, > and the vtun-users or vtun-devel list tracks the progress. Go search. > > The TUN device is a sub-project or co-project of the VTun project, which is > why it uses the same lists. > Actually, that wasn'y my question - weither OpenVPN will be ported to Windows or not. The question was, is OpenVPN able to communicate and establish a VPN connection with other VPN products (such as Windows VPN clients, Cisco routers, etc.) or ONLY other OpenVPN's. I don't know much about VPN, and maybe I was wrong asking the question, but I thought there existed some kind of standards (like RFC) describing how VPN connections are established and "used", just like FTP, WWW, IRC, you name it. |
|
From: bishop <bi...@pl...> - 2002-03-31 17:35:45
|
Theepan wrote: >>Theepan wrote: >> >>>Hello, >>> >>>Can OpenVPN for Linux connect to a Windows NT/2000 VPN Server, and vice >>>versa - can a Windows VPN Client connect to OpenVPN? >> >>OpenVPN uses the Linux TunTap driver, version 1.1 for kernel 2.2 and >>version 1.4 delivered with kernel 2.4 . >> >>The TUN interface has not been delivered for Windows. There is an effort, >>and the vtun-users or vtun-devel list tracks the progress. Go search. >> >>The TUN device is a sub-project or co-project of the VTun project, which > > is > >>why it uses the same lists. >> > > Actually, that wasn'y my question - weither OpenVPN will be ported to > Windows or not. The question was, is OpenVPN able to communicate and > establish a VPN connection with other VPN products (such as Windows VPN > clients, Cisco routers, etc.) or ONLY other OpenVPN's. > > I don't know much about VPN, and maybe I was wrong asking the question, but > I thought there existed some kind of standards (like RFC) describing how VPN > connections are established and "used", just like FTP, WWW, IRC, you name > it. Oh! I'm sorry! Yes, I misunderstood, completely. The common question I hear is "Will XX be ported to windows", and I made a bad guess. To the best of my knowledge, no : OpenVPN may only, at this time, connect with other OpenVPN nodes. Here's also what I have heard: - PPTP is a rather established protocol, although I've not seen the RFCs describing it. I've linked Windows to Linux servers. - VTun is the other Tun-using implementation. It's the closest to OpenVPN, but is not compatible. VTun may also only connect to other VTuns. - IPSec hosts can, usually, connect to other IPSec hosts. These include Cisco hardware, Win2k (I think that's the version), PIPSec under linux, FreeS/WAN under linux, several smaller VPN hardware devices and a few software implementations. Note that some mangling is usually required, however. For instance, FreeSWAN needs an optional x.509 patch before the windows IPSec will talk with it appropriately, I hear. Also, the amoung of configuring is inversely proportional to how broad the support is - FreeSWAN, for instance, is far too complex for my little brain. I tested a FreeSWAN kernel RPM with the help of a friend's comfig pair. The PIPSec IPSec shows the most promise for getting OpenVPN to use IPSec. It's an older TUN-using user-space IPSec implementation that's been unsupported for about 3-4 years, from what I hear. - bish -- Excellent... rime ice, a summit ridge, small trees blanketed in snow and ice like legions of twisted killer mutant deranged snow goons. -- Erick DeOliveira 20020208 Describing his first Winter Ascent |
|
From: James Y. <ji...@nt...> - 2002-03-31 21:53:55
|
> > Actually, that wasn'y my question - weither OpenVPN will be ported to > > Windows or not. The question was, is OpenVPN able to communicate and > > establish a VPN connection with other VPN products (such as Windows VPN > > clients, Cisco routers, etc.) or ONLY other OpenVPN's. Well the compatibility question is an interesting one. OpenVPN uses TLS (the latest generation of SSL) for session authentication and key exchange. It's the same protocol used by all the secure web browsers out there in the world. That means that you have full access to the public key infrastructure that currently exists with respect to the secure web. You can use SSL certificates, certificate authorities, use the openssl tool to create your own certificates, keys, etc. The problem is that to my knowledge, OpenVPN is the first open source VPN to actually use the TLS protocol. Up until now, TLS has mostly been used by secure web browsers such as Apache/ModSSL. Why TLS hasn't been more widely used in VPNs is a mystery to me. It is solid, it is secure, it has withstood the test of time. Perhaps the reason is IPSec. A great deal of effort has been expended over the last few years in making IPSec the standard security solution for IP in the same way that SSL has been the security solution for the web. The IPSec effort looks promising, but some of the results have been mixed. To use IPSec under linux for example, you must patch your kernel. IPSec is also very complex and is just starting to see more widespread usage, but it is hampered by its complexity. Because of this, it will probably be some time before IPSec is as mature or stable as SSL/TLS. For some criticisms of IPSec security, see: http://alternic.net/drafts/drafts-s-t/draft-simpson-danger-isakmp-01.html http://www.off.net/~jme/ietf/ So to answer your question, right now OpenVPN is the only VPN to use the TLS protocol (OpenVPN uses the TLS protocol for session authentication and key exchange, but it uses the OpenSSL EVP cipher library to actually encrypt the tunnel data packets using the key it negotiated over TLS.) and therefore if you want to use OpenVPN, you must run it on both peers. If you want a VPN that is more standardized, check out IPSec. But I will maintain that OpenVPN accomplishes a lot of what IPSec sets out to do, but with a dramatically lighter footprint. Now of course, once you set up an OpenVPN link between two peers, you can route any IP over it, regardless of where that IP orginates (Windows, Unix, Cisco, etc.). For example, I use Windows NT extensively for my work, and my NT laptop routes packets over the OpenVPN link without even knowing it's there. Hope that helps. James Yonan |
Thanks for helping keep SourceForge clean.
X