WDS with AES encryption

AthlonRob
Fri Feb 13 11:19:41 PST 2004


On Fri, 2004-02-13 at 11:06, Bruno Randolf wrote:

I've been using OpenVPN for several months... most recently to bridge
two remote networks together into one seamless network over a T1
connection, securely.

> i just had a look at both this week. these are the main differences, imho:
> 
> * openvpn can use certificates, tinc does not

OpenVPN seems to prefer the use of certificates, as well.  I generally
just utilize static shared keys, but the certificate powers OpenVPN
supports are quite nice.

> * tinc only needs 1 port for multiple incoming connections, openvpn needs a 
> separate port and configuration file for each tunnel

This is, essentially, true.  Due to OpenVPN's design, a few individuals
of late have been working on changing this.  There are now two separate
schemes available to allow OpenVPN to work with multiple clients all at
once.  Really, neither is effective with many clients... more than ten
or twenty... but they both allow primary control over a single TCP or
UDP port.  They both, I believe, require the use of multiple
configuration files and TUN/TAP devices.

> * tinc is more suitable for a peer-to-peer VPN with more than two 
> participants: when you are connected to one peer, and need to send a packet 
> to another part of the VPN tinc can automatically create the connection to 
> the other one.

Does it do that, or does it just bridge multiple VPN connections
together into a single bridged interface?

> * in contrast openvpn is more oriented towards a single tunnel.

Point to point.

> * tinc has been criticized (http://tinc.nl.linux.org/security) for having some 
> security flaws, i have not found any security analysis of openvpn.

I'm not sure there have been any... however, OpenVPN is *so* tied in to
OpenSSL, it really, IMHO, is as secure as any other OpenSSL based
application out there.  James seems to have designed it with security in
mind from the get-go.

> i think it mainly depends if you want a simple tunnel between 2 hosts 
> (openvpn) or if the VPN should cover more than 2 hosts (tinc).

If tinc scales well (and I don't know if it does or not), then I would
have to adjust the deciding factor to be how many hosts.  If we're
talking less than twenty hosts, of which you're administrator over all,
OpenVPN would be the route to go.  If we're dealing with more than
twenty hosts, tinc or some other VPN product would be the way to go.

OpenVPN is also developed for multiple platforms, including Windows, the
BSDs, and Linux.  I really don't know about tinc.  :-)

Rob
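As an added illustration of the point raised above about OpenVPN needing one port and one configuration file per tunnel, not part of the original thread: two static-key point-to-point tunnels terminating on one hub, plus the mirrored configuration for the far end of the first. Hostnames, addresses, ports and key paths are assumptions, and the directives are written in current OpenVPN 2.x syntax.

```conf
# --- hub: /etc/openvpn/tunnel-siteB.conf (first tunnel) ---
# Constructed example; addresses, ports and key paths are assumptions.
dev tun0
proto udp
port 1194                     # one listening port per tunnel
ifconfig 10.8.0.1 10.8.0.2    # local / remote tunnel endpoint addresses
secret /etc/openvpn/keys/siteB.key   # pre-shared static key (openvpn --genkey)
cipher AES-256-CBC            # static-key mode: cipher/HMAC chosen explicitly
auth SHA256
keepalive 10 60
persist-key                   # keep key in memory after dropping privileges
persist-tun
user nobody                   # drop root once the tunnel is up
group nogroup
verb 3

# --- hub: /etc/openvpn/tunnel-siteC.conf (second tunnel) ---
dev tun1                      # a second tunnel needs its own TUN device...
proto udp
port 1195                     # ...its own UDP port...
ifconfig 10.8.1.1 10.8.1.2    # ...its own addresses...
secret /etc/openvpn/keys/siteC.key   # ...and a key shared only with that peer,
cipher AES-256-CBC            # so compromise of one key exposes one tunnel only
auth SHA256
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3

# --- site B: far end of the first tunnel ---
remote hub.example.net 1194   # assumed hub hostname; port matches tunnel-siteB
dev tun0
proto udp
ifconfig 10.8.0.2 10.8.0.1    # mirrored: our local is the hub's remote
secret /etc/openvpn/keys/siteB.key   # same key, copied out of band
cipher AES-256-CBC            # must match the hub's settings exactly
auth SHA256
keepalive 10 60
persist-key
persist-tun
user nobody
group nogroup
verb 3
```

Each file is started as its own OpenVPN process, which is the per-tunnel overhead the thread describes; the operational cost of static keys is that every peer pair needs its own key distributed out of band.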
