linux
DuD, 2017-02-08 00:01:30

What to choose for a VPN?

This question has probably been asked here a thousand times.
There are several offices and DCs with servers.
Access from the offices to the servers, and in the future between offices, is necessary.
Plus road warriors connecting from the outside to the server in the DC.
Requirements:
- Must be able to run on Linux, i.e. not a hardware solution.
- Native support by most OSes is desirable, including mobile ones.

I tried strongswan; in principle everything came up and works, but the lack of interfaces does not suit me. I was expecting to see something like ipsecX when the tunnel comes up. Because of this, there are problems with traffic monitoring. Well, and the ability to route the whole thing is lacking.
I come across a lot of articles about openvpn, but so far I have put it off due to the need to install a client application. I read in one of the articles that it does not support topologies other than a star (is it true?).
What do you advise?

4 answer(s)
ky0, 2017-02-08
@ky0

Softether - OpenVPN, L2TP (for laptops and mobile phones/tablets), IPSec for tunnels. All in one. Nice control interface, a large number of settings.

Sanes, 2017-02-08
@Sanes

What's wrong with OpenVPN? It is configured in 1 click, both the server and the client.
https://git.io/vpn

CityCat4, 2017-02-08
@CityCat4

IPSec traffic monitoring is not done through devices like ipsec0 - that's a bit of yesterday :) Once upon a time they existed, yes.
You need to find the iptables packet flow diagram - the complete one, including xfrm encode and xfrm decode - I won't give the URL, but I have a printed version here called "Packet flow in Netfilter". And then everything falls into place. xfrm encode is packet encryption, xfrm decode is, respectively, decryption. xfrm lookup checks whether a packet matches IPSec policies.
Strongswan is just right for your tasks - on iOS the built-in client will work, on Android there is a strongswan client (the built-in one sucks), on Windows you need to try ShrewSoft. On the strongswan site there are a zillion examples of configs for all conceivable cases, and for roadwarrior too.
You will hardly find solutions other than IPSec and OpenVPN. In fact, routing with IPSec is not so difficult - it's enough to set up one branch, and the rest are stamped out from the template; there may only be questions with road warriors - I just tried a hardware solution on Mikrotik and postponed it for now because Mikrotik did not have IKEv2 support - it appeared only recently.
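
Monitoring IPsec traffic without an ipsecX device, as an added example that is not part of the answer above: the netfilter `policy` match tests a packet's xfrm policy, so plain iptables counters can account tunnel traffic per remote subnet. The chain name `IPSEC_ACCT` and the subnets are constructed for illustration, and the `--pol none` counter goes slightly beyond the answer by also counting packets that would leave unencrypted.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore fragment
# that counts IPsec traffic per remote subnet with the "policy" match.
# IPSEC_ACCT and the subnets passed below are constructed sample values.

ipsec_acct_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':IPSEC_ACCT - [0:0]'
    # Jump first, so the counters see packets before any accept/drop rule.
    printf '%s\n' '-I FORWARD 1 -j IPSEC_ACCT'
    for net in "$@"; do
        # Packets from the remote site that arrived through an IPsec SA
        # (they reach FORWARD after xfrm decode).
        printf '%s\n' "-A IPSEC_ACCT -s $net -m policy --dir in --pol ipsec"
        # Packets to the remote site that an IPsec policy will encrypt
        # (xfrm lookup has already matched them).
        printf '%s\n' "-A IPSEC_ACCT -d $net -m policy --dir out --pol ipsec"
        # Packets to the remote site that match no IPsec policy. They would
        # leave in cleartext, so a non-zero counter here deserves a look.
        printf '%s\n' "-A IPSEC_ACCT -d $net -m policy --dir out --pol none"
    done
    printf '%s\n' 'COMMIT'
}

# Print the fragment for two constructed office subnets. To load it as root:
#   ipsec_acct_rules 10.1.0.0/24 10.2.0.0/24 | iptables-restore --noflush
# and read the per-rule packet/byte counters with:
#   iptables -nvxL IPSEC_ACCT
ipsec_acct_rules 10.1.0.0/24 10.2.0.0/24
```

The rules carry no `-j` target, so they only count and never change the fate of a packet.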

SchmeL, 2017-02-09
@SchmeL

Try openswan+xl2tpd
