[svlug] OpenVPN [was: IPSec failing in phase 1]
Florin Andrei
florin at andrei.myip.org
Wed Jun 16 12:57:41 PDT 2004
On Wed, 2004-06-16 at 02:08, David Masten wrote:
>
> I'm trying to set up an IPSEC/L2TP tunnel from a friend's WinXP into one
> of my Linux hosts. When he tries to connect I see the following show up
> in my logs:
>
> ERROR: isakmp.c:1466:isakmp_ph1resend(): phase1 negotiation
> failed due to time up. 373b7a265a5e118d:f24f49dc719ee597

If there is a strong requirement for IPSec in particular with your
project, then this message won't help you.

But if all you want is to set up a VPN link between two networks,
regardless of the underlying encryption (as long as it's strong and
secure), then have a look at OpenVPN:

http://openvpn.sourceforge.net/

IPSec VPN is a nightmare. The Linux implementations are cranky. There
are no good free clients for Win2K (well, you could fiddle with the
system, but it's hardly something that a Joe Regular User can do). It's
hostile to NAT environments (again, there are workarounds, but...).
Buying a turn-key solution from a large provider alleviates some of the
issues. But not all of them.

So after screaming in frustration at moody, complex and buggy IPSec VPN
implementations, I discovered OpenVPN. It Simply Worked at the first
attempt. It does not care about NAT. It even tunnels through proxies.
The Windows client, while not a GUI app, is easy to install and makes
OpenVPN available as a service (then you just create two .bat files, one
for starting the service, one for stopping it, and put them on the
desktop: VPN-Start.bat and VPN-Stop.bat). It's robust and recovers from
network problems. It's even got adaptive compression.

The docs are kinda convoluted, but keep reading, they do have everything
you need. All else failing, the mailing list is usually helpful.

I installed it and, ever since, it's been an install-and-forget type of
thing.

You could either give a try to the stable 1.6 version (the one that I'm
using), or wait till the much improved 2.0 comes out of beta.

Here's a shameless plug:

http://fedoranews.org/contributors/florin_andrei/openvpn/

Just my biased 2 cents...

--
Florin Andrei
http://florin.myip.org/