quickie VPN notes

I looked quickly into setting up a VPN server on my Ubuntu box in a datacenter, for use with MacOS and iOS clients. Unimpressed with what I learned. Here’s some options. They all suck.

  • PPTP, the venerable Microsoft protocol. Relatively easy to set up on both server and client, but has a reputation for being insecure. Plus it’s PPP and old and has a bad smell to it.
  • L2TP over IPSec. Apparently the server is doable on Ubuntu, but a bit wonky. MacOS and iOS both have clients. I probably should try this, I just don’t like the description of how it works. Update: Josh J. suggested this guide for setup (site down; Google cache).
  • Cisco IPSec. Proprietary? End of life from Cisco? Seems like a road not worth looking down.
  • OpenVPN. This is Ubuntu’s recommended server. Naturally, MacOS has no client for it; people like Tunnelblick. There’s no iOS client either other than GuizmOVPN which requires a jailbreak. I briefly tried following Ubuntu’s guide for installing OpenVPN which starts with “copy these config files and then edit some stuff”. Only the list of things to configure is incomplete, the template config files have errors in them, and after setting it all up I’m told “No /etc/openvpn/easy-rsa/openssl.cnf file could be found. Further invocations will fail”. I imagine I could power through all this stuff but it’s clear OpenVPN is not ready for casual users.

Why is this so damned hard?

2 thoughts on “quickie VPN notes”

  1. fwiw, we use openvpn. i think the mac users use the openvpn connect client. i can’t speak to that client, but i’m pretty happy with openvpn in general.

    we also like SPDY as a vpn proxy. might be worth looking into if you haven’t already.

  2. Thanks Ryan! Do y’all have a solution for iOS clients connecting to the VPN, or do you just skip it? And for SPDY you mean just using it as a web proxy?
