Hi Joe,
My personal experience is with a medium size network deployed using
OpenVPN on Debian for the servers and Windows XP SP2 + OpenVPN GUI for
the clients, using X.509 certificates (we are our own CA).
Issues?
None at all.
Programs that do not work?
None of the programs we use... and we use a lot of stuff.
Features?
We found the flexibility to direct all traffic through the VPN (or not)
very useful. We have 2 config files each, one directs all traffic
through the VPN, and the other only implements traffic to our servers on
the other, thus we can decide which one to use depending on our needs.
X.509 certificate authentication is a pain to deploy in the very
beginning, specially if you've a large user population (you've to create
a certificate for every user), but after that maintenance is close to
nil, other than creating certificates for new starters of issuing a CRL
to the servers when someone leaves the company.
We have multiple servers, and the configuration files for the clients
specify all of them. We had a server failure (hard disk crash) and we
noticed it only when the logs failed to arrive by email. No one lost
connectivity.
If you're a part of a company that likes to have a big team offering you
commercial support for big bucks, forget about it ;-)
If you want a product that WORKS FLAWLESSLY and costs you almost
nothing, go for it.
Regards,
Miguel Dilaj
Vice President of IT Security Research, OISSG
www.oissg.org
Joe wrote:
Hi all
I'm currently interested in SSL-VPN solutions, problems and
deployments. Personally I prefere much more the term „SSL-based remote
access" since almost all those products (except OpenVPN) claiming to
be SSL-VPNs don't offer any network functionality. Would you guys
share your experiences?
What are the issues you spotted when deploying SSL-based remote access
solutions?
Any experiences with certain products? (my company for example made
bad experiences with iGate from SafeNet)
What features make an SSL-remote access solution a good one?
I know these are some very general questions.
Thanks anyway
Joe
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
