channel poll: what VPN client do you guys like the best?  I happen to use OpenVPN a lot, but I'm on Linux.  What is decent on FreeBSD / OpenBSD?  How about the Windows users?  I'm researching VPN solutions b/c we are going to be giving dedicated server customers access to a new VPN (for IPMI cards)
i use vpnc >.<
OpenVPN.
ah yes, I also liked vpnc when I had to connect to Rackspace's vpn
I'd prefer not to have to use a reverse-engineered client. :)
milki: OS?
mhoran: OS?
linuxes
Linux.
roger
mhoran: spoken like someone who never tried to use the actual honest-to-god cisco linux client.
vpnc was a godsend :P
lol
up_the_irons: openvpn is easy to setup, has clients for everything, and is probably secure. Downside is that it's slower than ipsec in most cases, since it's userland and usually won't have any hardware assist.
jdoe: I worked at Cisco for six months.
mhoran: can I blame you for it then?
lol
Nope. Just an intern. :p
LOL
up_the_irons: ipsec is faster, but (interesting fact) everything related to ipsec is entirely composed of hate.
up_the_irons: tightvnc here. Nothing fancy.
jdoe: hahaha
nat problems, incompatible implementations, it's... just a fucking nightmare.
avoid ipsec like the plague.
but ipsec is the future!
jdoe: oh i know, i had to set up an ipsec vpn from a linux server to cisco 3000; not fun
yeah.
the lack of documentation is awesome.
especially when you're dealing with (for example) the osx built-in client.
and the 7 different implementations on linux
yeah, I was trying to do osx -> strongswan at some point.
ouch
fuck ipsec, fuck raccoon, fuck... everything.
haha.
(all of this is IMNSHO, IANABBQ)
OpenVPN's speed is good enough for me, I use it for all our internal stuff; works great.  But if I invest the time making an OpenVPN solution for customers, I wanna make sure the *BSD guys and Windows users are also covered.  OpenVPN on OS X also worked fine; i had a team of devs using it once
IANABBQ?? ;)
yeah, that's my feeling about openvpn too.
good enough, and most importantly it ... just works. everywhere.
tunnelblick is pretty good, though it takes a while to stabilize on new osx vers.
it took a loooong time for them to get a non-beta build for lion.
yeah tunnelblick is pretty neat
I was also looking at SSL VPNs, which have the great advantage of no clients and only using port 443 (so hardly any firewalls block this), however, the great disadvantage of requiring Java or ActiveX, which just won't fly...
openvpn is an ssl vpn :P
jdoe: well, i mean, a browser based one
ew.
i know...
OpenVPN is so easy to configure in GNOME 3. That is all. :)
Actually, vpnc too, but you might as well run an open protocol instead of that.
mhoran: yeah
mhoran: does the configurator in GNOME 3 also generate the CSR, etc...  or is it just pre-shared keys?
Does it all!
wow nice
http://matthoran.com/tmp/configurator.png
And under Advanced you can set up the TLS auth and stuffs.
nice!