Best VPN solution for Linux
Q Let me first say that I am a Windows administrator who can 'do' Linux, and at this point I am extremely sick of the cost and maintenance associated with Windows. I'm looking for a solution to replace our Windows virtual private network [VPN] and want to go the Linux route. I was hoping to use an open source SSL VPN that can be run over a browser, but am having trouble finding one. Can you enlighten me and tell me what is hot now in the Linux VPN market? I know Freeswan is popular, but that is IPSec. OpenVPN seems to be another high-ranking product; it's SSL but won't run over a browser. I have looked at commercial products too (namely SmoothWall), but I wanted to do this myself (and I am a cheapskate). My co-worker, who is a 20-year veteran of the Unix world, wants to use SSH for the VPN, but I have heard that the overhead is too high and performance suffers.
A This does seem to be a field that is dominated by large commercial applications, which is not that surprising considering that they are aimed at enterprise users. But one open source project stands out: SSL-Explorer. This appears to offer what you need - SSL VPN accessible from any standard web browser. SSL-Explorer is available from http://sourceforge.net/projects/sslexplorer. While the free version may appeal to your cheapskate tendencies, if you are using it to provide access to a commercial network, you should consider the security and financial implications of incorrect installation or configuration.
If you have any doubts about your experience in this area, it may be prudent to consider SSL-Explorer Xtra ($490 for one to five users). This provides some extra software and, most importantly, commercial support. As is so often the case with open source, the choice is yours. Any form of encrypted communication is going to impinge on performance. This affects both SSH and SSL, and you need to ensure that your server is capable of handling the expected loads. One advantage of using SSL is that the use of certificates ensures that you are connecting to the correct server, which safeguards against anyone redirecting traffic to another server to harvest passwords and other data.
Follow us on Identi.ca or Twitter