Slashdot Mirror


Are the VPN Alternatives Enterprise Ready?

steve asks: "There has been some talk about the newer alternative to true VPN lately. Are products like Netilla or Neoteris enough to replace the typical 'extranet'? Most are based on simple SSL technology and somewhat limited in what applications you can run or use them for, but they do give a simple web-based interface. Has anyone out there played with any of these? Are they truly worth a look yet? Would you be concerned about potential browser issues (security or otherwise) creating a back door on your nice firewall?"

  1. Sounds interesting! by balamw · Score: 3, Interesting
    We've been using a Compatible Systems Intraport 2 (now aka Cisco VPN5000, and end-of-lifed) for IPSec-based VPN services for a few years now. The number one problem we've had is that the clients establish a good connection, but then can't seem to resolve names reliably using WINS, so they need to hardcode some of our server addresses in LMHOSTS. (NOTE: Recent clients seem far more robust in this respect.)

    So the very people who should be using it, users out in the field, won't because they have been burned before. So I was recently setting up IMAP/SSL and OWA/SSL access to our email server using stunnel as a backup, in case the VPN client doesn't feel like resolving names.

    They seem to like this, so I was also looking at using one of the many variants on smb2www over SSL to provide backup access to our NT file servers, but I wanted to limit what servers and shares they could see this way from the outside. If these products can do that, then I might just recommend them for our company!

    Balam

  2. VTun, PPTP, Free/SWAN by Anonymous Coward · Score: 2, Interesting

    For Linux-to-Linux VPNs where network transparency is key, I use VTun and Linux kernel bridging to create a single-subnet VPN, which works great.

    Enterprise-ready? Well, I wouldn't know about that, but I did run our company's (40+ person) LAN over a VTun tunnel for 2 months without a problem, where all the servers stayed at one location and all the clients were at another premises. All connectivity, including internet traffic, went over the VTun link.

    For Win2K-based road-warrior type applications, I use PPTP with MS-CHAP2 and MPPE extensions, which works well, though Windows Networking doesn't work so well over multiple subnets.

    I haven't used this enough to really comment on its stability/performance.

    I have Free/SWAN IPSec compiled and ready to test, but it seems like a bit of a nightmare to set up.

    It has easily the most confusing documentation and configuration file layout of any VPN-type product I have tried.

    Personally, I use VTun between my firewalls at home and work if I need transparent VPN, though ppp-over-ssh and X-over-ssh suffice 98% of the time.