[afnog] Site-to-site VPN

Phil Regnauld regnauld at nsrc.org
Tue Dec 1 12:24:32 UTC 2009


Makan SIMAGA (makansimaga) writes:
> Hi,
> 
> I want to connect two site with a VPN but I hesitate between  IPcop with openvpn addon and a debian box with openvpn package.

	Hi Makan,

	It depends what you want to achieve.  For the lowest overhead possible,
	I'd suggest using something IPsec based, but OpenVPN works very well,
	no matter what you run it on.

> Is it possible to authenticate my active directory domain users during their connexion?

	If you mean AD/LDAP authentication for OpenVPN users, yes:

	http://amigo4life.googlepages.com/openvpn

	... but this is not "site-to-site"...

> What technology is the most appropriate in my case IPsec VPN or SSL VPN?


	For the site-site part, I'd use OpenVPN or IPsec, and for the roaming
	users, just use OpenVPN.  We do this with certificates and our own CA
	where I work, for Windows, Mac and Linux users.  Works fine.

	Cheers,
	Phil



More information about the afnog mailing list