LinuxSecurity: OpenVPN: An Introduction and Interview with Founder, James Yonan
Nov 11, 2003, 03:00 (0 Talkback[s])
(Other stories by Duane Dunston)
No-Size-Fits-All! An Application-Down Approach for Your Cloud Transformation REGISTER >
"OpenVPN is a newer generation VPN in that it is based on SSL as
the underlying security mechanism. IPSEC is the current and most
popular standard for VPN technology. SSL is already a standard for
secure communication over the Internet for financial transactions,
checking email, and ensuring sensitive information is not leaked to
'people-in-the-middle.' Many articles I've read speak of SSL VPN's
as requiring a browser. I'm not sure why that gets under my skin.
It just isn't true. The only time I use a browser over OpenVPN is
to access an intranet web server on the remote side. Once an
OpenVPN tunnel is established you can then use any application to
access services on the remote end, provided the right access
controls are in place. A browser is not needed to create an OpenVPN
tunnel, it can be done from the commandline. Another nicety is that
it runs on Windows 20000/XP, Linux, Solaris, FreeBSD, OpenBSD,
NetBSD, and MacOS X.
"Oh yes, and it is under the GNU Licenese. OpenVPN uses the
protocols that are available with SSL and TLS 1.0 for
authentication, encryption, and intergrity checking. I have
personally tested and use OpenVPN on Windows and Linux systems.
I've never had problems using any applications over OpenVPN. The
only issue I've run into is a common or well-known issue with VPN's
and that is the problem with packet fragmentation, which is easily
remedied by a simple OpenVPN configuration option..."
Weekly News - September 10th, 2002(Sep 11, 2002)