Been doing lots of VPN setup and configuration lately, especially inside of Amazon Web Services (AWS) Virtual Private Clouds (VPCs). They have a built-in VPN capability using IPSec, but it generally seems focused on device-to-device (D2D) configurations. Depending on the need, I have turned up StrongSwan and/or OpenVPN as a solution.
OpenVPN has the advantage of being able to do SSL VPN on port 443, making it look exactly like HTTPS web traffic (effectively making it unbreakable by network administrators). Things like proxy servers don't even know you are creating a VPN tunnel. However, on Windows, OpenVPN client software has to be installed to use it.
StrongSwan is an IPSec VPN option that works well with existing P2P VPN systems. The native Windows VPN tools work out of the box with a standard StrongSwan configuration (as long as your certs have been signed by a trusted CA). Performance is also very good.
So far, I really, really like OpenVPN, as once it is configured it works everywhere, regardless of network policy or ISP limitations. Linux Network Manager has built-in support for it, making it very, very easy to configure clients to use it as well. That said, for IPSec configurations needing to connect to Windows clients, StrongSwan has been my go-to solution.
Useful links follow:
Linux StrongSwan Server
- AWSVPN with StrongSwan – Wiki document on the StrongSwan site for setting up an Amazon Web Services instance.
- EAP Configuration for multi client access – Specifically geared toward setting up multiple Windows 7 clients on StrongSwan.
- ipsec.secrets settings – Explanation of the setup in ipsec.secrets on a Linux StrongSwan server.
Workstation StrongSwan Setup/Install Client
- Windows 7 – Installation of client files and VPN setup for StrongSwan.
- Windows 7 Multi-client – Another wiki document listing multi-client considerations and their settings.
- Pluieglaciale Tutorial – An extremely useful blog tutorial covering Windows 7 client setup. No clue what the title of the blog means.
- EAP-MSCHAPv2 – Wiki doc with photos for setting up clients with EAP-MSCHAPv2 certs.
- CA Cert Configuration – Setup and import methods for CA certs on Windows 7.
- Network Manager Configuration – Linux client setup with screenshots.
OpenVPN on Ubuntu
- OpenVPN Server on Ubuntu 13.10 – As usual, Ubuntu documentation is exceptional.