Open source, enterprise-ready VPN solutions


It so happened that one of my favorite tools for business connections, LinkedIn, is blocked in Russia.
In recent years, you could use Tor Browser for LinkedIn communication. Of course, Tor Browser provides safety. However, this approach requires additional, mostly paid mobile applications and can reduce the internet connection speed.

An alternative approach is a VPN. I found a few ready-made VPN services. However, using somebody else’s installation was not interesting to me, so my idea turned into a new one: installing a VPN server on my “training” server. The first step is choosing the solution.

OpenVPN

If you google “VPN open source server”, you get about 32,300,000 results. In the top 5 you will probably find OpenVPN. OpenVPN is one of the leading players and provides encryption of information via the IKEv2/IPsec protocol with AES-256-GCM and a 3072-bit DH key (for Linux and Mac). This is one of the powerful solutions in the online privacy world.
OpenVPN has a strong and active developer community too. Releases happen frequently, which helps maintain a high standard of safety.

SoftEther VPN

SoftEther VPN has a clone function of OpenVPN Server. You can integrate from OpenVPN to SoftEther VPN smoothly. It is interoperable with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers and MS-SSTP VPN Clients. SoftEther VPN is the world’s only VPN software which supports SSL-VPN, OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec as a single VPN software.

Libreswan

Libreswan is a fork of Openswan 2.6.38 created by almost all of the Openswan developers after a lawsuit about the ownership of the Openswan name was filed against Paul Wouters, the release manager of Openswan, in December 2012. It has support for most of the extensions (RFC + IETF drafts) related to IPsec, including IKEv2, X.509 Digital Certificates, NAT Traversal, and many others. Libreswan uses the native Linux IPsec stack (NETKEY/XFRM) by default.

OpenConnect

OpenConnect was originally written as an open-source replacement for Cisco’s proprietary AnyConnect SSL VPN client, which is supported by several Cisco routers. As of 2013, the OpenConnect project also offers an AnyConnect-compatible server, ocserv, and thus offers a full client-server VPN solution.

Tcpcrypt

Tcpcrypt works out of the box: it requires no configuration and no changes to applications.
Tcpcrypt is opportunistic encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise, it will be in clear text. And your network connections will continue to work even if the remote end does not support Tcpcrypt, in which case connections will gracefully fall back to standard clear-text TCP. Opportunistic encryption on the Internet is described in RFC 7435 “Opportunistic Security: Some Protection Most of the Time”. Compared to TLS/SSL, tcpcrypt is designed to have a lower performance impact.
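
An added example, not part of the original article or the Tcpcrypt project: a passive check that reads the TCP options of a SYN and SYN-ACK to tell whether both ends offered encryption or the connection fell back to clear text. It assumes the standardized negotiation (TCP-ENO, option kind 69 in RFC 8547, used by tcpcrypt in RFC 8548), checks only that both sides sent the option, and runs on constructed sample headers; all function names are hypothetical.

```python
import struct

TCP_ENO_KIND = 69  # TCP-ENO option kind (RFC 8547); assumed negotiation mechanism

def tcp_options(header: bytes) -> dict:
    """Return {kind: data} for the options area of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (header[12] >> 4) * 4           # header length in bytes
    if not 20 <= data_offset <= len(header):
        raise ValueError("bad data offset")
    opts, i, area = {}, 0, header[20:data_offset]
    while i < len(area):
        kind = area[i]
        if kind == 0:                             # End of Option List
            break
        if kind == 1:                             # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(area) or area[i + 1] < 2 or i + area[i + 1] > len(area):
            raise ValueError("malformed option")  # length missing or overruns header
        length = area[i + 1]
        opts[kind] = area[i + 2:i + length]
        i += length
    return opts

def classify(syn: bytes, syn_ack: bytes) -> str:
    """Label a handshake by which side carried the encryption option."""
    client = TCP_ENO_KIND in tcp_options(syn)
    server = TCP_ENO_KIND in tcp_options(syn_ack)
    if client and server:
        return "both-offer-encryption"
    if client:
        return "cleartext-fallback"  # peer lacks support, or the option was removed on path
    return "not-offered"

def build(flags: int, options: bytes) -> bytes:
    """Build a constructed sample TCP header (not captured traffic)."""
    options += b"\x01" * (-len(options) % 4)      # pad options to a 32-bit boundary
    off = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, off << 4, flags, 65535, 0, 0) + options

MSS = b"\x02\x04\x05\xb4"                         # ordinary MSS option
ENO = bytes([TCP_ENO_KIND, 3, 0x21])              # constructed: kind, length, one suboption byte
SYN, SYN_ACK = 0x02, 0x12

if __name__ == "__main__":
    print(classify(build(SYN, MSS + ENO), build(SYN_ACK, MSS + ENO)))
    print(classify(build(SYN, MSS + ENO), build(SYN_ACK, MSS)))
```

Because the fallback is silent, counting "cleartext-fallback" handshakes per destination is the practical way to see how much traffic actually gets encrypted.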

Comparison table

| Solution | Encryption, security, and authentication | Mobile support | Releases per year | Initial release | Additional information |
|---|---|---|---|---|---|
| OpenVPN | OpenSSL, Hash-based message authentication code (HMAC), mbed TLS (previously PolarSSL). Pre-shared key (PSK), certificate-based, username/password-based | Supported by applications | constantly, ~6 | 13 May 2001 | Performance tests |
| SoftEther VPN | SoftEther VPN Protocol (Ethernet over HTTPS), OpenVPN (L3-mode and L2-mode), L2TP/IPsec, MS-SSTP (Microsoft Secure Socket Tunneling Protocol), L2TPv3/IPsec, EtherIP/IPsec | Supports iPhone/iPad and Android | rarely, ~1 | 2014 | Requirements |
| Libreswan | RFC + IETF drafts, including IKEv2, X.509 Digital Certificates, NAT Traversal, and many others. Libreswan uses the native Linux IPsec stack (NETKEY/XFRM) by default. | Supported by using IKEv1 or IKEv2 | constantly, ~8 | 2013 | |
| OpenConnect | | By applications | rarely | 2009 | |
| Tcpcrypt | | Not supported | rarely, ~0.2 | 2010 | Does not support IPv6; does not support mobile |
