0

Having used OpenVPN for a while, I've found it tiresome to install a client on every machine that needs to connect (Android, Windows, Linux.) I'd rather just enter the details in the OS's built in client. My main thought at this point is to use IKEv2 due to its high compatibility and low overhead whilst retaining good security.

I've been trying to find the best guide for setting it up, (because VPN setups in general are quite involved, so a guide is nice) and all I can find are StrongSWAN guides that suggest using practices that I think are insecure (such as mschapv2 authentication.) I'd like to find one that the community considers to not only be good from a security perspective, but highly compatible, and has per-user pre-shared key authentication (no messing with certificates.)

So what this comes down to is: What VPN type is best for my needs, what daemon is best, and what is the most secure way to configure it? Thanks!

Dragoon
  • 111
  • 2

1 Answers1

0

It depends what do you need when looking from network and administrative point of view. For me highly compatible VPN solution means:

  • allowing work with L2 traffic,
  • dealing with NAT on the client side as well as on the server side in the same time,
  • possibility to establish site to site connectivity just with any port forward(!),
  • allowing to forward through VPN local LAN layer 2 traffic - broadcast messaging,
  • pushing options to client (like routes, DNS, WINS, domain suffix, NTP) without administrative privileges using DHCP.
  • ability to join client to domain via WAN,
  • ability to authorize users via directory services like OpenLDAP and Active Directory,
  • ability to use high grade encryption, integrality mechanisms and one time tokens.
  • compatibility with Windows, Unix, Linux, OSX, ROS. (There's some incompatibility of course)

It makes OpenVPN unique. None other VPN solution can accomplish it*.

*all of it in the same time.

As you noticed one of the disadvantages is lack of native support, although you can prepare one-click installers for Windows, all-in-one config files for Linux and OSX.

Michal Sokolowski
  • 1,461
  • 1
  • 11
  • 24