
Thread: Encapsulation in VPN

  1. #1
    karthikbalaguru
    Guest

    Encapsulation in VPN

    Hi,
    For data encapsulation, VPN relies on either of the
    following technologies like GRE , IPSec, L2F,
    PPTP and L2TP . But, which of the above
    technologies is popular ? If they vary based
    on the requirements, can you pls lemme know
    a document/link that maps the technologies
    against the requirements w.r.t VPN ?

    Thx in advans,
    Karthik Balaguru

  2. #2
    Bob Lin (MS-MVP)
    Guest

    Re: Encapsulation in VPN

    IPSec and PPTP are more popular. PPTP is used for client to server.
    IPSec can be used as client to server or site to site VPN. This search
    result may help.

    Virtual Private Networks: Learn about the Microsoft commitment to support VPN
    interoperability through standards such as L2TP/IPsec and PPTP. Connecting
    Remote Users to Your Network ...
    technet.microsoft.com/en-us/network/bb545442.aspx


    --
    Bob Lin, Microsoft-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN Troubleshooting on
    http://www.ChicagoTech.net
    How to Setup Windows, Network, VPN & Remote Access on
    http://www.HowToNetworking.com


    "karthikbalaguru" <karthikbalaguru79@gmail.com> wrote in message
    news:390def23-0826-447f-9cec-4e8e0ab32e3d@u1g2000pre.googlegroups.com...
    > Hi,
    > For data encapsulation, VPN relies on either of the
    > following technologies like GRE , IPSec, L2F,
    > PPTP and L2TP . But, which of the above
    > technologies is popular ? If they vary based
    > on the requirements, can you pls lemme know
    > a document/link that maps the technologies
    > against the requirements w.r.t VPN ?
    >
    > Thx in advans,
    > Karthik Balaguru



  3. #3
    karthikbalaguru
    Guest

    Re: Encapsulation in VPN

    On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
    wrote:
    > IPSec and PPTP are more popular. PPTP is used for client to server.
    > IPSec can be used as client to server or site to site VPN. This search
    > result may help.
    >


    Thx for your response. But it seems that PPTP can support only one
    tunnel at a time for each user. Therefore, its proposed successor, L2TP
    (a hybrid of PPTP and another protocol, L2F) can support multiple,
    simultaneous tunnels for each user.

    So, shouldn't L2TP be popular ?

    PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
    premise equipment) to CPE. IPSec is the primary layer 3 VPN technology
    providing a CPE to CPE tunnel. Refer- http://www.networkdictionary.com/networking/vpn.php

    Further from another link from internet, i found that it seems that
    PPTP separates the control and data channels into control stream that
    runs over TCP and a data stream that runs over GRE (a less popular
    Internet standard). But, in contrast L2TP combines the control/data
    channels and uses high-performance UDP. This makes L2TP more "firewall
    friendly" than PPTP -- a crucial advantage for an extranet protocol --
    since most firewalls do not support GRE.

    So, i wonder how PPTP is popular compared to L2TP ?
    Any ideas ?

    Thx in advans,
    Karthik Balaguru

  4. #4
    goarilla
    Guest

    Re: Encapsulation in VPN

    On Sat, 19 Dec 2009 14:09:33 -0800, karthikbalaguru wrote:

    > On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
    > wrote:
    >> IPSec and PPTP are more popular. PPTP is used for client to
    >> server. IPSec can be used as client to server or site to site VPN. This
    >> search result may help.
    >>
    >>

    > Thx for your response. But it seems that PPTP can support only one
    > tunnel at a
    > time for each user. Therefore, its proposed successor, L2TP (a hybrid of
    > PPTP
    > and another protocol, L2F ) can support multiple, simultaneous tunnels
    > for
    > each user.
    >
    > So, shouldn't L2TP be popular ?
    >
    > PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
    > premise
    > equipment) to CPE. IPSec is the primary layer 3 VPN technology providing
    > a CPE
    > to CPE tunnel. Refer-
    > http://www.networkdictionary.com/networking/vpn.php
    >
    > Further from another link from internet, i found that it seems that PPTP
    > separates the control and data channels into control stream that runs
    > over
    > TCP and a data stream that runs over GRE (a less popular Internet
    > standard).
    > But, in contrast L2TP combines the control/data channels and uses
    > high-performance UDP. This makes L2TP more "firewall friendly" than PPTP
    > -- a crucial advantage for an extranet protocol -- since most firewalls
    > do not support GRE.
    >
    > So, i wonder how PPTP is popular compared to L2TP ? Any ideas ?
    >
    > Thx in advans,
    > Karthik Balaguru


    i don't know much about VPN, but i do believe it's a field
    dominated by proprietary/gateway solutions: cisco vpn, intel vpn, ...

  5. #5
    bod43
    Guest

    Re: Encapsulation in VPN

    On 19 Dec, 22:31, goarilla <kevin.pau...@skynet.remove-this.be> wrote:
    > On Sat, 19 Dec 2009 14:09:33 -0800, karthikbalaguru wrote:
    > > On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
    > > wrote:
    > >> IPSec and PPTP are more popular. PPTP is used for client to
    > >> server. IPSec can be used as client to server or site to site VPN. This
    > >> search result may help.

    >
    > > Thx for your response. But it seems that PPTP can support only one
    > > tunnel at a
    > > time for each user. Therefore, its proposed successor, L2TP (a hybrid of
    > > PPTP
    > > and another protocol, L2F ) can support multiple, simultaneous tunnels
    > > for
    > > each user.

    >
    > > So, shouldn't L2TP be popular ?

    >
    > > PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
    > > premise
    > > equipment) to CPE. IPSec is the primary layer 3 VPN technology providing
    > > a CPE
    > > to CPE tunnel. Refer-
    > >http://www.networkdictionary.com/networking/vpn.php

    >
    > > Further from another link from internet, i found that it seems that PPTP
    > > separates the control and data channels into control stream that runs
    > > over
    > > TCP and a data stream that runs over GRE (a less popular Internet
    > > standard).
    > > But, in contrast L2TP combines the control/data channels and uses
    > > high-performance UDP. This makes L2TP more "firewall friendly" than PPTP
    > > -- a crucial advantage for an extranet protocol -- since most firewalls
    > > do not support GRE.

    >
    > > So, i wonder how PPTP is popular compared to L2TP ? Any ideas ?

    >
    > > Thx in advans,
    > > Karthik Balaguru

    >
    > i don't know much about VPN, but i do believe it's a field
    > dominated by proprietary/gateway solutions: cisco vpn, intel vpn, ...


    No.

    IPSEC is very widely used for infrastructure VPNs and is
    not proprietary. Cisco interoperates with Checkpoint interoperates
    with Draytek interoperates with OpenVPN ....... Never found
    a problem in dozens of cases.

    What is often proprietary are the VPN client solutions where
    one of the VPN endpoints is an individual PC.

    Cisco, Microsoft, Checkpoint all have their own proprietary
    implementations.


  6. #6
    Bill Grant
    Guest

    Re: Encapsulation in VPN



    "goarilla" <kevin.paulus@skynet.remove-this.be> wrote in message
    news:4b2d5444$0$2856$ba620e4c@news.skynet.be...
    > On Sat, 19 Dec 2009 14:09:33 -0800, karthikbalaguru wrote:
    >
    >> On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
    >> wrote:
    >>> IPSec and PPTP are more popular. PPTP is used for client to
    >>> server. IPSec can be used as client to server or site to site VPN. This
    >>> search result may help.
    >>>
    >>>

    >> Thx for your response. But it seems that PPTP can support only one
    >> tunnel at a
    >> time for each user. Therefore, its proposed successor, L2TP (a hybrid of
    >> PPTP
    >> and another protocol, L2F ) can support multiple, simultaneous tunnels
    >> for
    >> each user.
    >>
    >> So, shouldn't L2TP be popular ?
    >>
    >> PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
    >> premise
    >> equipment) to CPE. IPSec is the primary layer 3 VPN technology providing
    >> a CPE
    >> to CPE tunnel. Refer-
    >> http://www.networkdictionary.com/networking/vpn.php
    >>
    >> Further from another link from internet, i found that it seems that PPTP
    >> separates the control and data channels into control stream that runs
    >> over
    >> TCP and a data stream that runs over GRE (a less popular Internet
    >> standard).
    >> But, in contrast L2TP combines the control/data channels and uses
    >> high-performance UDP. This makes L2TP more "firewall friendly" than PPTP
    >> -- a crucial advantage for an extranet protocol -- since most firewalls
    >> do not support GRE.
    >>
    >> So, i wonder how PPTP is popular compared to L2TP ? Any ideas ?
    >>
    >> Thx in advans,
    >> Karthik Balaguru

    >
    > i don't know much about VPN, but i do believe it's a field
    > dominated by proprietary/gateway solutions: cisco vpn, intel vpn, ...
    >


    I would say that PPTP maintains its popularity with small to medium sized
    organisations because it does not require certificates. If you have an
    established certificate system in your organisation (and a person capable of
    maintaining it), L2TP is the obvious choice.

    If you do not, setting up and maintaining this simply to support a few
    dialup VPN clients is a big ask. Making a few changes to your firewall for
    GRE is pretty minor by comparison.



  7. #7
    Stephen
    Guest

    Re: Encapsulation in VPN

    On Sat, 19 Dec 2009 14:09:33 -0800 (PST), karthikbalaguru
    <karthikbalaguru79@gmail.com> wrote:

    >On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
    >wrote:
    >> IPSec and PPTP are more popular. PPTP is used for client to server.
    >> IPSec can be used as client to server or site to site VPN. This search
    >> result may help.
    >>

    >
    >Thx for your response. But it seems that PPTP can support only one
    >tunnel at a
    >time for each user. Therefore, its proposed successor, L2TP (a hybrid
    >of PPTP
    >and another protocol, L2F ) can support multiple, simultaneous tunnels
    >for
    >each user.
    >
    >So, shouldn't L2TP be popular ?
    >

    RFCs are written around standards, and IPsec is the one that gets
    picked often :)

    I vaguely remember this is to do with the encryption setups since the
    various L2 protocols seem to be less versatile.

    You need to remember VPNs are often specified by security depts, not
    IP, so security can be considered more important than simplicity.

    >PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
    >premise
    >equipment) to CPE. IPSec is the primary layer 3 VPN technology
    >providing a CPE
    >to CPE tunnel. Refer- http://www.networkdictionary.com/networking/vpn.php
    >
    >Further from another link from internet, i found that it seems that
    >PPTP separates the control and data channels into control stream that
    >runs over
    >TCP and a data stream that runs over GRE (a less popular Internet
    >standard).
    >But, in contrast L2TP combines the control/data channels and uses
    >high-performance UDP. This makes L2TP more "firewall friendly" than
    >PPTP -- a crucial advantage for an extranet protocol -- since most
    >firewalls
    >do not support GRE.

    Life, as usual, isn't that simple.

    if you look at how IPsec is used in practice for "non single client"
    setups you tend to get another protocol within the IPsec wrapper.

    router to router links are often used in a resilient network - where
    you want multicast then you get
    IPsec -> GRE tunnel -> encap packet.

    Where you have client PC style VPNs a different set of constraints
    apply -
    Cisco VPN client on a PC is IPsec by default (last few times I used
    it), but if you want to get it thru a NAT based SOHO router, you
    "hide" the IPsec by wrapping that in a UDP or TCP stream.

    So you get UDP wrapper stream -> IPsec -> encap packet.

    The TCP setup is a good fallback where the error handling is needed or
    a firewall doesn't allow UDP.
    So if you have a really poor link, or low thruput and high jitter such
    as older 3G links then TCP encap instead of UDP.

    Other VPN client setups seem to do similar things.

    >
    >So, i wonder how PPTP is popular compared to L2TP ?
    >Any ideas ?
    >

    If you want simple then throw all the thick client stuff out and go
    for SSL - but there are some apps that just do not work well or at all
    in a web front end setup.

    >Thx in advans,
    >Karthik Balaguru

    --
    Regards

    stephen_hope@xyzworld.com - replace xyz with ntl
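
Added example, not part of the original thread and not any poster's code: a Python sketch that walks the outer headers of an IPv4 packet and reports the encapsulation stack that is visible on the wire, covering the PPTP/L2TP split described in post #3 and the nested IPsec cases in post #7. The protocol and port numbers are the standard assignments (GRE 47, ESP 50, TCP 1723, UDP 1701, UDP 500/4500); the packets are constructed samples and the helper names are made up for this illustration.

```python
import struct

GRE, ESP, TCP, UDP = 47, 50, 6, 17          # IP protocol numbers

def layers(pkt, depth=0):
    """Return the visible encapsulation stack of an IPv4 packet, outermost first."""
    if depth > 4:                            # bound recursion on nested tunnels
        return ["nesting too deep"]
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["not IPv4"]
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return ["truncated IPv4"]
    proto, body = pkt[9], pkt[ihl:]
    if proto == ESP:                         # payload is ciphertext: stop here
        return ["IPv4", "ESP"]
    if proto == GRE:
        return ["IPv4"] + gre_layers(body, depth)
    if proto == TCP and len(body) >= 20:
        ports = struct.unpack("!HH", body[:4])
        return ["IPv4", "TCP"] + (["PPTP control"] if 1723 in ports else [])
    if proto == UDP and len(body) >= 8:
        return ["IPv4", "UDP"] + udp_layers(body)
    return ["IPv4", f"protocol {proto}"]

def gre_layers(body, depth):
    if len(body) < 4:
        return ["truncated GRE"]
    flags, ptype = struct.unpack("!HH", body[:4])
    version = flags & 0x0007
    if version == 1 and ptype == 0x880B:     # enhanced GRE carrying PPP (RFC 2637)
        return ["GRE v1", "PPTP data"]
    # Optional checksum, key and sequence fields are 4 bytes each (RFC 2890)
    hlen = 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    if version == 0 and ptype == 0x0800:     # plain GRE carrying IPv4: recurse
        return ["GRE"] + layers(body[hlen:], depth + 1)
    return ["GRE", f"ethertype 0x{ptype:04x}"]

def udp_layers(body):
    # Port matching is a heuristic; any of these services can be moved.
    ports = struct.unpack("!HH", body[:4])
    data = body[8:]
    if 1701 in ports:
        return ["L2TP"]
    if 4500 in ports:                        # RFC 3948 UDP encapsulation of ESP
        if data == b"\xff":
            return ["NAT-T keepalive"]
        if data[:4] == b"\x00" * 4:          # non-ESP marker precedes IKE
            return ["IKE"]
        return ["ESP"]
    if 500 in ports:
        return ["IKE"]
    return []

# --- builders for constructed sample packets (checksums left at zero) ---
def ipv4(proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 2])) + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def tcp(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def gre(flags, ptype, payload):
    return struct.pack("!HH", flags, ptype) + payload

INNER = ipv4(UDP, udp(5000, 5001, b"app data"))   # the "encap packet"
FAKE_ESP = bytes.fromhex("0000100000000001") + bytes(48)  # SPI, seq, stand-in ciphertext
SAMPLES = {
    "PPTP control":     ipv4(TCP, tcp(49152, 1723)),
    "PPTP data":        ipv4(GRE, gre(0x2001, 0x880B, b"\x00\x04\x00\x01\xff\x03\x00\x21")),
    "L2TP":             ipv4(UDP, udp(1701, 1701, b"\xc8\x02\x00\x0c" + bytes(8))),
    "GRE, unprotected": ipv4(GRE, gre(0x0000, 0x0800, INNER)),
    "GRE inside IPsec": ipv4(ESP, FAKE_ESP),
    "IPsec via NAT-T":  ipv4(UDP, udp(4500, 4500, FAKE_ESP)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} {' -> '.join(layers(pkt))}")
```

Once the outer layer is ESP, the GRE tunnel and the inner packet are not visible to a firewall or sensor on the path, which is why the "GRE inside IPsec" sample stops at ESP while the unprotected GRE sample exposes the inner IPv4 header.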

  8. #8
    alexd
    Guest

    Re: Encapsulation in VPN

    Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, bod43
    chose the tried and tested strategy of:

    > Draytek interoperates with OpenVPN


    OpenVPN is proprietary and will not work with a Draytek router.

    --
    <http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
    09:47:26 up 22 days, 13:40, 8 users, load average: 0.00, 1.02, 1.32
    Plant food is a made up drug


  9. #9
    Rob
    Guest

    Re: Encapsulation in VPN

    karthikbalaguru <karthikbalaguru79@gmail.com> wrote:
    > On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
    > wrote:
    >> IPSec and PPTP are more popular. PPTP is used for client to server.
    >> IPSec can be used as client to server or site to site VPN. This search
    >> result may help.
    >>

    >
    > Thx for your response. But it seems that PPTP can support only one
    > tunnel at a
    > time for each user. Therefore, its proposed successor, L2TP (a hybrid
    > of PPTP
    > and another protocol, L2F ) can support multiple, simultaneous tunnels
    > for
    > each user.
    >
    > So, shouldn't L2TP be popular ?


    I think you should know that "what is popular" is not determined by
    what can do most, what is technically superior and other such reasons
    that you run in to when you do a comparison of VPN technologies as
    a technician.

    What is popular is determined by what sells best, or what is part of
    something that already sells best. When it can do the job, it is used.

  10. #10
    Bob Goddard
    Guest

    Re: Encapsulation in VPN

    alexd wrote:

    > Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, bod43
    > chose the tried and tested strategy of:
    >
    >> Draytek interoperates with OpenVPN

    >
    > OpenVPN is proprietary and will not work with a Draytek router.


    OpenVPN community edition has been released under the GPL. Hardly
    proprietary. If it does not work, then hack on the source.

    --
    http://www.mailtrap.org.uk/

  11. #11
    bod43
    Guest

    Re: Encapsulation in VPN

    On 20 Dec, 09:50, alexd <troffa...@hotmail.com> wrote:
    > Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, bod43
    > chose the tried and tested strategy of:
    >
    > > Draytek interoperates with OpenVPN

    >
    > OpenVPN is proprietary and will not work with a Draytek router.


    OK. Was working by memory.

    I recall now, maybe we passed OpenVPN through
    our firewall and did not terminate on it. Sorry.


  12. #12
    Ace Fekay [MCT]
    Guest

    Re: Encapsulation in VPN

    > On 19 Dec, 22:31, goarilla <kevin.pau...@skynet.remove-this.be> wrote:
    >> On Sat, 19 Dec 2009 14:09:33 -0800, karthikbalaguru wrote:
    >>> On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
    >>> wrote:
    >>>> IPSec and PPTP are more popular. PPTP is used for client to
    >>>> server. IPSec can be used as client to server or site to site VPN. This
    >>>> search result may help.

    >>
    >>> Thx for your response. But it seems that PPTP can support only one
    >>> tunnel at a
    >>> time for each user. Therefore, its proposed successor, L2TP (a hybrid of
    >>> PPTP
    >>> and another protocol, L2F ) can support multiple, simultaneous tunnels
    >>> for
    >>> each user.

    >>
    >>> So, shouldn't L2TP be popular ?

    >>
    >>> PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
    >>> premise
    >>> equipment) to CPE. IPSec is the primary layer 3 VPN technology providing
    >>> a CPE
    >>> to CPE tunnel. Refer-
    >>> http://www.networkdictionary.com/networking/vpn.php
    >>> Further from another link from internet, i found that it seems that PPTP
    >>> separates the control and data channels into control stream that runs
    >>> over
    >>> TCP and a data stream that runs over GRE (a less popular Internet
    >>> standard).
    >>> But, in contrast L2TP combines the control/data channels and uses
    >>> high-performance UDP. This makes L2TP more "firewall friendly" than PPTP
    >>> -- a crucial advantage for an extranet protocol -- since most firewalls
    >>> do not support GRE.

    >>
    >>> So, i wonder how PPTP is popular compared to L2TP ? Any ideas ?
    >>> Thx in advans,
    >>> Karthik Balaguru

    >>
    >> i don't know much about VPN, but i do believe it's a field
    >> dominated by proprietary/gateway solutions: cisco vpn, intel vpn, ...

    >
    > No.
    >
    > IPSEC is very widely used for infrastructure VPNs and is
    > not proprietary. Cisco interoperates with Checkpoint interoperates
    > with Draytek interoperates with OpenVPN ....... Never found
    > a problem in dozens of cases.
    >
    > What is often proprietary are the VPN client solutions where
    > one of the VPN endpoints is an individual PC.
    >
    > Cisco, Microsoft, Checkpoint all have their own proprietary
    > implementations.


    I wouldn't say it's proprietary between Microsoft and Cisco, for after
    all, THEY developed L2TP as a joint venture, which became an industry
    standard.

    L2TP: In order to make use of the features of both PPTP and L2F, L2TP was
    developed in a joint venture between Microsoft and Cisco. ...
    http://zaielacademic.net/security/l2tp.htm

    Some companies do have their own proprietary stuff, such as OpenVPN, but
    I haven't used it, so I can't comment on it.

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit
    among responding engineers, and to help others benefit from your
    resolution.

    Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
    MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer

    For urgent issues, please contact Microsoft PSS directly. Please check
    http://support.microsoft.com for regional support phone numbers.



  13. #13
    Phillip Windell
    Guest

    Re: Encapsulation in VPN

    "Bill Grant" <not.available@online> wrote in message
    news:uMOaD0PgKHA.1112@TK2MSFTNGP04.phx.gbl...
    >
    > I would say that PPTP maintains its popularity with small to medium
    > sized organisations because it does not require certificates. If you have
    > an established certificate system in your organisation (and a person
    > capable of maintaining it), L2TP is the obvious choice.


    Could use a pre-shared key for the L2TP which is about like using a
    password. However I just use PPTP being the small to medium size kinda guy
    that I am :-)

    --
    Phillip Windell

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------



  14. #14
    karthikbalaguru
    Guest

    Re: Encapsulation in VPN

    On Dec 20, 2:54 pm, Rob <nom...@example.com> wrote:
    > karthikbalaguru <karthikbalagur...@gmail.com> wrote:
    > > On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
    > > wrote:
    > >> IPSec and PPTP are more popular. PPTP is used for client to server.
    > >> IPSec can be used as client to server or site to site VPN. This search
    > >> result may help.

    >
    > > Thx for your response. But it seems that PPTP can support only one
    > > tunnel at a
    > > time for each user. Therefore, its proposed successor, L2TP (a hybrid
    > > of PPTP
    > > and another protocol, L2F ) can support multiple, simultaneous tunnels
    > > for
    > > each user.

    >
    > > So, shouldn't L2TP be popular ?

    >
    > I think you should know that "what is popular" is not determined by
    > what can do most, what is technically superior and other such reasons
    > that you run in to when you do a comparison of VPN technologies as
    > a technician.
    >
    > What is popular is determined by what sells best, or what is part of
    > something that already sells best. When it can do the job, it is used.
    >


    Yes, that is true. Agreed :-)
    Thinking on the similar lines, another query popped
    up in my mind. In the case of L2TP, Is it mandatory
    that in the 'voluntary tunnel mode', the tunnel should
    end at the remote client and in the 'compulsory
    tunnel mode', the tunnel should end at the ISP ?

    Are there no other scenarios with other endpoints ?

    Thx in advans,
    Karthik Balaguru

  15. #15
    karthikbalaguru
    Guest

    Re: Encapsulation in VPN

    On Dec 22, 5:13*am, karthikbalaguru <karthikbalagur...@gmail.com>
    wrote:
    > On Dec 20, 2:54*pm, Rob <nom...@example.com> wrote:
    >
    >
    >
    >
    >
    > > karthikbalaguru <karthikbalagur...@gmail.com> wrote:
    > > > On Dec 19, 10:22*pm, "Bob Lin \(MS-MVP\)" <nore...@chicagotech.net>
    > > > wrote:
    > > >> IPSec and PPTP are more popular. The PPTP is using for client to server.
    > > >> IPSec can be used as cleint to server or site to site VPN. This search
    > > >> result may help.

    >
    > > > Thx for your response. But it seems that PPTP can support only one
    > > > tunnel at a
    > > > time for each user. Therefore, its proposed successor, L2TP (a hybrid
    > > > of PPTP
    > > > and another protocol, L2F ) can support multiple, simultaneous tunnels
    > > > for
    > > > each user.

    >
    > > > So, shouldn't L2TP be popular ?

    >
    > > I think you should know that "what is popular" is not determined by
    > > what can do most, what is technically superior and other such reasons
    > > that you run in to when you do a comparison of VPN technologies as
    > > a technician.

    >
    > > What is popular is determined by what sells best, or what is part of
    > > something that already sells best. When it can do the job, it is used.

    >
    > Yes, that is true. Agreed :-)
    > Thinking on the similar lines, another query popped
    > up in my mind. In the case of L2TP, Is it mandatory
    > that in the 'voluntary tunnel mode', the tunnel should
    > end at the remote client and in the 'compulsory
    > tunnel mode', the tunnel should end at the ISP ?
    >
    > Are there no other scenarios with other endpoints ?
    >


    The 'Tunneling models' section in the below link
    clarifies it.
    http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol

    Lemme know if there are other scenarios apart from
    those mentioned in the above link.

    Thx,
    Karthik Balaguru

  16. #16
    Stefan Monnier
    Guest

    Re: Encapsulation in VPN

    > IPSEC is very widely used for infrastructure VPNs and is not
    > proprietary. Cisco interoperates with Checkpoint interoperates with
    > Draytek interoperates with OpenVPN ....... Never found a problem in
    > dozens of cases.


    In which sense do they "interoperate"?

    > OpenVPN is proprietary and will not work with a Draytek router.


    In which sense is OpenVPN proprietary?

    > If you do not, setting up and maintaining this simply to support a few
    > dialup VPN clients is a big ask. Making a few changes to your firewall for
    > GRE is pretty minor by comparison.


    I went to the trouble of setting up a personal OpenVPN server (and
    corresponding clients) specifically because of the endless problems
    I had with firewalls when using PPTP (and I don't know about other
    people, but I can't make any change to most of the firewalls to which
    I'm exposed; and even when I could I still had problems when several
    machines within the same NAT subnet tried to use the same VPN).


    Stefan

  17. #17
    alexd
    Guest

    Re: Encapsulation in VPN

    Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, Stefan
    Monnier chose the tried and tested strategy of:

    >> IPSEC is very widely used for infrastructure VPNs and is not
    >> proprietary. Cisco interoperates with Checkpoint interoperates with
    >> Draytek interoperates with OpenVPN ....... Never found a problem in
    >> dozens of cases.

    >
    > In which sense do they "interoperate"?


    Which 'they' are you referring to?

    >> OpenVPN is proprietary and will not work with a Draytek router.

    >
    > In which sense is OpenVPN proprietary?


    There's only one implementation of the OpenVPN protocol [that I know of -
    recompiling for different platforms and writing pretty front ends don't
    count as reimplementations in my book]. OpenVPN Solutions LLC [the copyright
    holder] are therefore in a position to dictate what the OpenVPN protocol
    consists of, for example, changing the default UDP port. Anyone can take the
    source and extend it in ways that make it incompatible with OpenVPN, at
    which point it's no longer OpenVPN.

    --
    <http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
    20:09:39 up 37 days, 4 min, 5 users, load average: 0.00, 0.02, 0.05
    DIMENSION-CONTROLLING FORT DOH HAS NOW BEEN DEMOLISHED,
    AND TIME STARTED FLOWING REVERSELY


  18. #18
    Dave Warren
    Guest

    Re: Encapsulation in VPN


    In message <jwv1vi85jff.fsf-monnier+comp.os.linux.networking@gnu.org>
    Stefan Monnier <monnier@iro.umontreal.ca> was claimed to have wrote:

    >> OpenVPN is proprietary and will not work with a Draytek router.

    >
    >In which sense is OpenVPN proprietary?


    In the sense that OpenVPN built their own protocol rather than relying
    on one of the existing standards.

    There is a lot I like about OpenVPN, but the client side stuff is just
    downright nasty to configure, maintain, or even use. It's great for
    techies, but I couldn't imagine putting it in front of an end user.

  19. #19
    David Brown
    Guest

    Re: Encapsulation in VPN

    alexd wrote:
    > Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, Stefan
    > Monnier chose the tried and tested strategy of:
    >
    >>> IPSEC is very widely used for infrastructure VPNs and is not
    >>> proprietary. Cisco interoperates with Checkpoint interoperates with
    >>> Draytek interoperates with OpenVPN ....... Never found a problem in
    >>> dozens of cases.

    >> In which sense do they "interoperate"?

    >
    > Which 'they' are you referring to?
    >
    >>> OpenVPN is proprietary and will not work with a Draytek router.

    >> In which sense is OpenVPN proprietary?

    >
    > There's only one implementation of the OpenVPN protocol [that I know of -
    > recompiling for different platforms and writing pretty front ends don't
    > count as reimplementations in my book]. OpenVPN Solutions LLC [the copyright
    > holder] are therefore in a position to dictate what the OpenVPN protocol
    > consists of, for example, changing the default UDP port. Anyone can take the
    > source and extend it in ways that make it incompatible with OpenVPN, at
    > which point it's no longer OpenVPN.
    >


    While it is true (AFAIK) that OpenVPN is the only implementation of the
    OpenVPN protocol, the protocol is built on SSL - thus the encryption
    part is very much standard. The authentication methods are also
    standard - it's only a certain amount of control information that is
    OpenVPN specific, and information on that is easily available as is the
    reference source code (the OpenVPN code).

    As OpenVPN source code is under the GPL, it is certainly true that
    anyone can take that code and extend it or change it. It won't be
    OpenVPN any more (I'm guessing the name is trademarked), and if it is
    incompatible then it will be of pretty limited use. However, this means
    that if the OpenVPN Technologies (the company behind OpenVPN) ever
    decided to make a new version that is incompatible and closed off, then
    it would be a simple matter to fork the code and release a "FreeVPN"
    that remained open and free. The only reason that no one has done
    anything like that, or bothered to make other implementations of the
    protocol, is that the official OpenVPN software and support do a
    perfectly good job.

    As for your examples of port numbers, OpenVPN has had an IANA official
    port number since 2004. And if you want to change it, it's just an
    entry in the configuration file.

  20. #20
    David Brown
    Guest

    Re: Encapsulation in VPN

    Dave Warren wrote:
    > In message <jwv1vi85jff.fsf-monnier+comp.os.linux.networking@gnu.org>
    > Stefan Monnier <monnier@iro.umontreal.ca> was claimed to have wrote:
    >
    >>> OpenVPN is proprietary and will not work with a Draytek router.

    >> In which sense is OpenVPN proprietary?

    >
    > In the sense that OpenVPN built their own protocol rather than relying
    > on one of the existing standards.
    >
    > There is a lot I like about OpenVPN, but the client side stuff is just
    > downright nasty to configure, maintain, or even use. It's great for
    > techies, but I couldn't imagine putting it in front of an end user.


    I would say the same thing about any VPN solution other than OpenVPN.
    For the most part, we have windows clients and linux servers. When
    someone needs OpenVPN access, I just give them a copy of the windows
    installer, and generate a key and a configuration file (which is simply
    a sample config file with the remote address modified appropriately).
    The setup is vastly easier than other ways to handle VPNs, especially if
    the client is behind a router or needs to connect to multiple VPNs.

    In other cases, we've provided routers with OpenWRT installed and the
    client configured. The user plugs in the router, and has VPN access via
    one of the network ports. It couldn't be easier.
