Free SSL VPN Solutions?
poison1701 asks: "I am in the process of evaluating SSL VPN solutions to comply with the security regulations that are imposed on my company. So far the only free SSL VPN product I have come across is SSL Explorer Community Edition, which looks like a very good product, but the free version lacks some of the features that I want (like the full IPSec client). What other SSL VPN solutions are out there?"
OpenVPN... Free, full of features.. Open source.. reliable.. Most everything you'll want, even including a Windows client and server (never used under Windows though).
It looks like you don't understand the terminology properly, and it will be hard to make suggestions.
SSL/TLS is a Transport Layer. It does not mean web based. That said, here are your options for types of VPNs that typical end users usually connect to:
1) Full IP Access: Traditional VPN system. May put you on a different VLAN, but gives you an internal IP (or split tunnel) with access to internal resources directly. This will include OpenVPN, Hamachi, typical IPSec VPNs, etc.
2) Web based VPN: Usually encapsulated over HTTPS (SSL), this creates a pretty frontend for typical tasks, i.e. file browser for Samba/Win2000/2003 servers, VNC w/ redirection, etc.
3) Remote Machine Access: This includes NX, Remote Desktop, SSH and VNC. These give you direct access to a specific machine, which has access to other machines internally.
It seems like when you say SSL, you mean web based. And when you say IPSec, you mean Full IP Access. If this is correct, then you'll need to use two open source products.
I'd highly recommend using SSL Explorer for web based access, and OpenVPN for IP based access. If you don't mind paying, some of the low end Netscreens from Juniper will do both beautifully.
Either way, please familiarize yourself with the technologies before you go talking to vendors, unless you're looking to get ripped off.
Can I get an eye poke?
Dog House Forum
Juniper Neoteris. Rock solid SSL VPN. Doesn't cost all that much, has robust features and granular access control. Comes with an ActiveX or Java client so you're not limiting yourself to just Windows users being able to use it.
"I am tasked with evaluating SSL VPN solutions to comply with the security regulations that are imposed on my company. So far I am lost. Please do my job for me as I am not sure what this google thing is everyone keeps mentioning. k thx bye"
First, let me just say that OpenVPN is the coolest VPN solution, ever. There's a GUI for Windows users, it can tunnel through ANYTHING (NTLM authentication through a proxy server? No problem!), it's incredibly flexible, it has features out the wazoo, it has good documentation and -- get THIS -- the logs actually contain stuff that helps you fix problems. "Certificate file /etc/openvpn/keys/foo.crt not found." Stuff like that. However, apparently (since OpenVPN -also- uses UDP by default, thus eliminating TCP-over-TCP cascading issues), there's more to OpenVPN than meets my eye; on a BBS I'm a member of (telnet://whip.isca.uiowa.edu), one of the more network-savvy folks had some commentary:
OpenVPN is the only "SSL VPN" that uses UDP, yes. They invented a protocol that uses SSL over UDP for authentication, and until they did, SSL had never been implemented over UDP. There's now an IETF Internet Draft for DTLS, which is another SSL over UDP protocol specification, but no one else uses it yet, AFAIK, and it's still just an Internet Draft, not an RFC yet. The others implemented their SSL VPNs over TCP for two reasons:
1) There wasn't a standard SSL over UDP specification to implement.
2) SSL over UDP doesn't look like HTTPS, which is half the appeal of these products, because looking like HTTPS is often what gets them through a firewall on their end when a conventional VPN client can't get through.
Note that OpenVPN doesn't transport its data stream over SSL. They use IPSec ESP over UDP for that, the same as standard IPSec NAT-T does. They just use SSL over UDP for session authentication and management--in other words, as an IKE replacement, as far as I can tell. In that respect, there's really not much to differentiate it from IPSec NAT-T.