[Asterisk-Users] X-Lite to Asterisk through NAT?
Sunrise Ltd
stsltdtyo at yahoo.co.jp
Fri Jul 30 22:20:57 MST 2004
Florin Andrei wrote:
>OpenVPN
>
>http://openvpn.sourceforge.net/
>
>I used it to replace traditional IPSec-based VPNs,
>it runs circles around them.
that's an opinion.
Without going into the details of how IP over SSL runs
counter to the self tuning features of TCP/IP let's just
say that IP over SSL tunneling is not unlike NAT in that
it is not really the right thing to do, but many people do
it anyway simply because if all you have is a hammer,
everything looks like a nail.
If you have to encrypt a data stream on a per socket
basis, by all means, use SSL, that's what it was designed
for, that's what it is good at. But if you have to
encapsulate IP traffic, then SSL is not the right tool.
Just because you can doesn't necessarily mean you should
do it.
Besides, we were talking about ease of setup of Wolverine
versus other IPsec implementations and you say OpenVPN
runs circles around traditional solutions. Now, I don't
know if you meant to include Wolverine in those
"traditional solutions" but since you obviously never used
Wolverine, you are hardly in a position to make any
judgement.
As for the original poster "ted_programmer", you can
contact me offlist if you wish and tell me a bit more
about your setup and I will see if I can devise a *proper*
VPN solution for you (within your constraint of not having
to dedicate another box).
rgds
benjk
--
Sunrise Telephone Systems Ltd
9F Shibuya Daikyo Bldg., 1-13-5 Shibuya, Shibuya-ku, Tokyo, Japan
__________________________________________________
GANBARE! NIPPON!
Yahoo! JAPAN JOC OFFICIAL INTERNET PORTAL SITE
http://mail.ganbare-nippon.yahoo.co.jp/
More information about the asterisk-users
mailing list