Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 27 November 2024, 09:18:01 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  what's the difference between Endian and pure openvpn
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: what's the difference between Endian and pure openvpn  (Read 14383 times)
yesmat
Jr. Member
*
Offline Offline

Posts: 4


« on: Thursday 21 January 2010, 10:08:07 am »

Hi All,

I am looking for an appropriate openvpn solution that allows SNMP access to remote linux server clients over the internet. One option is to build a central CentOS server and configure that with the openvpn software. The other option is to of course use Endian firewall and make use of the openvpn component of it.

My question is: what is the difference between the two and why would we use one over the other. If the firewalling component of the Endian firewall is the only difference? then we could still use iptables on the CentOS server which will probably do the same thing. I believe there has to be some subtle differences between the way openvpn itself works in both scenarios.

One think I hve noticed myself is licensing. With our openvpn server we have to purchase licenses for remote clients while with Endian firewall there doesn't seem to be any licensing requirements and obviously based on the hardware that we are using we could ially terminate 100s of remote linux clients.

Your feedback and comments are highly appreciated.

Cheers
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Saturday 23 January 2010, 09:34:01 am »

The same difference between a car and a train.
A car (efw) has wheels (OpenVPN).
And a train (CentOS) has wheels too (OpenVPN), but you can't compare them.

You can compare one Firewall with an OS.

Endian is a mid-size enterprise firewall, on top of a Linux OS. CentOS is a Linux OS, just that.
Differences? Firewalling, routing, content-filtering, Proxies for HTTP,POP3, tight OS aimed to security, etc....

I think that OpenVPN community is free for any OS: http://en.wikipedia.org/wiki/OpenVPN
Logged
kcwhited
Jr. Member
*
Offline Offline

Posts: 8


« Reply #2 on: Thursday 28 January 2010, 07:49:42 am »

The difference between Endian and installing openvpn on your own would be complexity,  if you can switch your firewall to use Endian the Openvpn implementation in Endian is very simple to configure,  configuring openvpn otherwise requires more of your time and patience to read, read and then read some more...

My suggestion having used openvpn both ways, is to use endian,  pure openvpn as you call it has a gazillion options and differnet levels of security but the Endian implementation is the simplest to manage and still secure enough for all but the largest government and Enterprise organizations.
Logged
yesmat
Jr. Member
*
Offline Offline

Posts: 4


« Reply #3 on: Thursday 28 January 2010, 05:55:29 pm »

Thanks kcwhited. I have used openvpn that was manually built on a centos server and that was ok. But as you mentioned Endian makes it easy to understand and also to chose the model of authentication you want. But there are other differences:

one of them is architectural, with Endian your ssl tunnel between the firewall and all your remote clients is addresses out of the LAN address space that's behind the firewall (trusted). This in my book not ideal. I wish we could separate bot.


Example:

LAN (trusted) subnet is 10.1.1.0/24
SSL Tunnel subnet is 192.168.1.0/24

is this possible?

thanks again
Logged
kcwhited
Jr. Member
*
Offline Offline

Posts: 8


« Reply #4 on: Thursday 04 February 2010, 07:24:12 am »

I see nobody replied,  I am sure its possible, but you would have to edit the config files directly as it doesn't appear possible from the gui.  Not to offend the Endian users, but Checkout untangle if you want simple vpn and seperate subnet for VPN users...  Untangle works well, I just didn't like the candy coated GUI, Endian has much more control and many more features.  I do like the vpn implementation in Untangle,  they have great method to deploy and even revoke individual user certificates for vpn authentication,  the only issue I have is more of an issue with Openvpn,  on Windows Vista and I assume Windows 7 would have the same issue,  you have to run openvpn as an administrator to be able to set the routes (because it is using a dedicated VPN subnet)  I hate giving users Admin access so I hope we are able to get around that issue some day.  There are work - arounds but they basically require running VPN as a service which I wasn't excited about for my system.
-Kevin
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com