Bering-uClibc 6.x - User Guide - Advanced Topics - Setting Up a Virtual Private Network
(Created as skeleton for further content)
Revision as of 22:21, 16 March 2018
The whole topic of Virtual Private Networks can appear somewhat confusing at first sight, since there are several different use cases (e.g. remote access versus site-to-site VPNs), several different VPN tunnel encryption solutions (e.g. SSL/TLS versus IPsec) and several more authentication solutions (e.g. X.509 PKI certificates, pre-shared keys or EAP, much the same options as exist for WiFi networks). Furthermore, there are different open source implementations of some of the protocols (e.g. Openswan versus strongSwan versus Libreswan).
In practice, things aren't as complex as they first appear, because there are really only two underlying encryption solutions (SSL/TLS and IPsec). In addition, if the intention is to support a proprietary device such as a commercial smartphone as the VPN client, the client-side VPN implementation imposes several constraints which limit the options at the server side.
Fundamentally, for Bering-uClibc 6.x, it comes down to choosing between:
- Using the strongSwan package (strongswan.lrp) to implement an IPsec-based VPN
- Using the OpenVPN package (openvpn.lrp) to implement a TLS-based VPN
- What about eoip.lrp which references http://code.google.com/p/linux-eoip/ - a MikroTik-specific Ethernet over IP protocol?
VPN Client Notes
iOS VPN Options
As of Apple iOS version 11, the VPN options supported by the standard VPN client implementation are:
Android VPN Options
As of Android version 6.0, the VPN options supported by the standard VPN client implementation are:
- L2TP/IPsec PSK
- L2TP/IPsec RSA
- IPsec Xauth PSK
- IPsec Xauth RSA
- IPsec Hybrid RSA