IPsec |
OpenVPN |
VPN technology standard |
Not compatible with IPsec |
Hardware platforms (devices, appliances) |
Only in computers, but in all available operating systems are beginning to be devices with OpenVPN |
Known and proven technology |
Tested and continues to grow |
Many graphical interfaces available |
No professional graphics interfaces, although there are some promising projects |
Changing the IP stack complex |
Simple technology |
Requiring modifications to the kernel reviews |
Network interfaces and standardized packages |
Need administrator permissions |
Runs in user space and can be chroot-ed |
Different implementations from different vendors may be incompatible with each other |
Standard encryption technologies |
Complex configuration and complex technology |
Easy, well-structured, modular technology and ease of configuration |
Steep learning curve |
Easy to learn and implement (even for beginners) |
Need to use multiple ports and protocols in the firewall |
Use only one port of the firewall |
Problems with dynamic addresses at both ends |
Work with dynamic server names like DynDNS or No-IP with fast and transparent reconnection |
Security issues IPsec technologies |
SSL / TLS encryption standard |
|
Traffic control (Traffic shaping) |
|
Speed (20 Mbps over 1Ghz machines) |
|
Support firewall and proxies |
|
No problem with NAT (both sides can be NATed boxes networks) |
|
Possibilities for road warriors |