***: mh_e has quit IRC (Remote host closed the connection)
Hien has quit IRC (Quit: leaving)
Hien has joined #arpnetworks
heavysixer has quit IRC (Read error: Connection reset by peer)
HighJinx has quit IRC (Quit: Computer has gone to sleep.)
HighJinx has joined #arpnetworks
gcw|mbpro1 has quit IRC (Remote host closed the connection)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
heavysixer has quit IRC (Remote host closed the connection)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
heavysixer has quit IRC (Remote host closed the connection)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
garry97531 has joined #arpnetworks
garry97531 has quit IRC (Quit: Page closed)
heavysixer has quit IRC (Quit: heavysixer)
-: up_the_irons looks around
mhoran looks under
***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
gcw|mbpro1 has joined #arpnetworks
gcw|mini1 has joined #arpnetworks
gcw|mbpro1 has quit IRC (Ping timeout: 246 seconds)
HighJinx has quit IRC (Quit: Computer has gone to sleep.)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
up_the_irons: channel poll: what VPN client do you guys like the best? I happen to use OpenVPN a lot, but I'm on Linux. What is decent on FreeBSD / OpenBSD? How about the Windows users? I'm researching VPN solutions b/c we are going to be giving dedicated server customers access to a new VPN (for IPMI cards)
milki: i use vpnc >.<
mhoran: OpenVPN.
up_the_irons: ah yes, I also liked vpnc when I had to connect to Rackspace's vpn
mhoran: I'd prefer not to have to use a reverse-engineered client. :)
up_the_irons: milki: OS?
mhoran: OS?
milki: linuxes
mhoran: Linux.
up_the_irons: roger
jdoe: mhoran: spoken like someone who never tried to use the actual honest-to-god cisco linux client.
vpnc was a godsend :P
milki: lol
jdoe: up_the_irons: openvpn is easy to setup, has clients for everything, and is probably secure. Downside is that it's slower than ipsec in most cases, since it's userland and usually won't have any hardware assist.
mhoran: jdoe: I worked at Cisco for six months.
jdoe: mhoran: can I blame you for it then?
milki: lol
mhoran: Nope. Just an intern. :p
up_the_irons: LOL
jdoe: up_the_irons: ipsec is faster, but (interesting fact) everything related to ipsec is entirely composed of hate.
evhan: up_the_irons: tightvnc here. Nothing fancy.
up_the_irons: jdoe: hahaha
jdoe: nat problems, incompatible implementations, it's... just a fucking nightmare.
avoid ipsec like the plague.
milki: but ipsec is the future!
up_the_irons: jdoe: oh i know, i had to set up an ipsec vpn from a linux server to cisco 3000; not fun
jdoe: yeah.
the lack of documentation is awesome.
especially when you're dealing with (for example) the osx built-in client.
up_the_irons: and the 7 different implementations on linux
jdoe: yeah, I was trying to do osx -> strongswan at some point.
up_the_irons: ouch
jdoe: fuck ipsec, fuck raccoon, fuck... everything.
haha.
(all of this is IMNSHO, IANABBQ)
up_the_irons: OpenVPN's speed is good enough for me, I use it for all our internal stuff; works great. But if I invest the time making an OpenVPN solution for customers, I wanna make sure the *BSD guys and Windows users are also covered. OpenVPN on OS X also worked fine; i had a team of devs using it once
IANABBQ?? ;)
jdoe: yeah, that's my feeling about openvpn too.
good enough, and most importantly it ... just works. everywhere.
tunnelblick is pretty good, though it takes a while to stabilize on new osx vers.
it took a loooong time for them to get a non-beta build for lion.
up_the_irons: yeah tunnelblick is pretty neat
I was also looking at SSL VPNs, which have the great advantage of no clients and only using port 443 (so hardly any firewalls block this), however, the great disadvantage of requiring Java or ActiveX, which just won't fly...
jdoe: openvpn is an ssl vpn :P
up_the_irons: jdoe: well, i mean, a browser based one
jdoe: ew.
up_the_irons: i know...
mhoran: OpenVPN is so easy to configure in GNOME 3. That is all. :)
Actually, vpnc too, but you might as well run an open protocol instead of that.
up_the_irons: mhoran: yeah
mhoran: does the configurator in GNOME 3 also generate the CSR, etc... or is it just pre-shared keys?
mhoran: Does it all!
up_the_irons: wow nice
mhoran: http://matthoran.com/tmp/configurator.png
And under Advanced you can set up the TLS auth and stuffs.
up_the_irons: nice!
***: HighJinx has joined #arpnetworks
HighJinx has quit IRC (Client Quit)
heavysixer has quit IRC (Quit: heavysixer)
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Client Quit)
portertech has quit IRC (Ping timeout: 240 seconds)
portertech has joined #arpnetworks
HighJinx has joined #arpnetworks