|
|
On 2/2/06, Monty Ree <chulmin2@xxxxxxxxxxx> wrote: > I don't know the difference between IPSEC and SSL based vpn well. SSL (by itself) is really a family of protocols and standards for cryptography and it's implementation. OpenSSL is an implementation of SSL. IPsec is a suite of protocols that extend the basic Internet Protocol to include security features. It all happens at the IP level, and generally requires "hooking into" the IP stack at a low level. IPsec and it's implementations have a reputation for being complicated and hard to maintain and/or incompatible. It's a reputation that is largely deserved, in my opinion. Most so-called "SSL VPNs" are simple tunnels created using SSL. In practice, they are often functionally identical to SSH port forwarding. They often make use of features already present in a web browser to accomplish much of what they do. As Michael Scheidell rightly notes, they still require some kind of software. They often depend on Microsoft Internet Explorer and/or some kind of install-on-demand package. OpenVPN functions as an IP transport, like IPsec. However, it is implemented outside of the operating system kernel as much as possible, which makes things easier. Since there is only one OpenVPN implementation, there are no interoperability issues. For the actual cryptography, OpenVPN uses OpenSSL. Hope this helps, -- Ben ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |