What is the best VPN technology to implement in a SOHO setting? [closed]

Solution 1:

Frankly, any VPN which doesn't require a custom client is a good one. As it's a SOHO environment, I assume that you don't have a requirement to authenticate against some back-end user/password system like AD or LDAP.

PPTP has been in Windows for a long time as it's a Microsoft technology, but pretty much every OS now supports it. In the past it's had flaws, but has matured well. PPTP does not require an X509 certificate (although if you're using EAP it does).

IPSEC is a more open standard and is commonly used to protect server to server communications because it works on layer 3 and so is transparent to applications. Authentication is either via a preshared key or via certificates.

There's no real answer here. They're all much of a muchness these days. If you want multiple users connecting and want to audit, then PPTP provides usernames and passwords, IPSEC doesn't - you can only change the preshared key to stop people authenticating, and that affects everyone. Certificates aren't really doable for SOHO environments in my opinion.

Solution 2:

I speak from experience in saying OpenVPN is much easier to set up and deploy than IPSec and its cousins. It's also much more flexible than Hamachi.

OpenVPN is definitely secure. It uses SSL to negotiate the connection and Blowfish (or AES if you prefer) to secure the connection. The algorithms have been in the public domain for many years and been subject to severe cryptanalysis. The PPTP flavor of IPSec is not really secure anymore. Hamachi has good security.

Your OpenVPN implementation is completely under your control. You can't say the same about Hamachi, which goes through LogMeIn's servers. You can't be sure of what Hamachi or the IPSec clients are really doing, because they are closed-source and proprietary systems. You also don't get the degree of configurability with those that you get with OpenVPN.

Don't misunderstand my opinion of Hamachi. It's a great product. I just don't think it's necessarily the best for the purpose.
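
The cipher choice from Solution 2 and the per-user revocation concern from Solution 1, shown as an OpenVPN server configuration. This is an added example, not part of either answer; the file names, the 10.8.0.0/24 subnet and the use of one certificate per user are assumptions.

```conf
# Added example: OpenVPN server configuration (not from either answer).
# File names and the tunnel subnet are assumed placeholders.
port 1194
proto udp
dev tun

# Control channel: the SSL/TLS negotiation. The server and every user
# hold their own certificate signed by your CA, so no key is shared.
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem
tls-version-min 1.2
# Accept only peers whose certificate is marked for client use
# (assumes client certificates were issued with that extension).
remote-cert-tls client

# Data channel: the cipher that protects the tunnelled traffic.
# Weak setting, for comparison (Blowfish has a 64-bit block and is
# deprecated by later OpenVPN releases):
#   cipher BF-CBC
# Corrected setting:
cipher AES-256-CBC
# OpenVPN 2.5 and later negotiate from this list; omit the line on
# older versions, which do not know the option.
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256

# Revoking one user: add their certificate to the CRL. Other users
# keep working, unlike rotating a preshared key.
crl-verify crl.pem

# Address pool for connected clients.
server 10.8.0.0 255.255.255.0

# The status file lists connected clients by certificate common name,
# which gives a per-user record of who is connected.
status openvpn-status.log
verb 3
```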