Difference between revisions of "Bering-uClibc 6.x - User Guide - Advanced Topics - Setting Up a Virtual Private Network"

(Created as skeleton for further content)

Revision as of 22:21, 16 March 2018

Advanced Topics - Setting Up a Virtual Private Network


Introduction

The whole topic of Virtual Private Networks can appear somewhat confusing at first sight, since there are several different use cases (e.g. remote access versus site-to-site VPNs), several different VPN tunnel encryption solutions (e.g. SSL/TLS versus IPsec) and several more authentication solutions (e.g. X.509 PKI certificates, Pre-Shared Keys or EAP - much the same options as exist for WiFi networks). Furthermore, there are different open source implementations of some of the protocols (e.g. OpenSwan versus StrongSwan versus LibreSwan).

In practice, things aren't as complex as they first appear, because there are really only two underlying encryption solutions (SSL/TLS and IPsec) and - if the intention is to support a proprietary device such as a commercial smartphone as the VPN client - the client-side VPN implementation imposes several constraints which limit the options at the server side.

Fundamentally, for Bering-uClibc 6.x, it comes down to choosing between:

  • Using the StrongSwan package (strongswan.lrp) to implement an IPsec-based VPN
  • Using the OpenVPN package (openvpn.lrp) to implement a TLS-based VPN
  • What about eoip.lrp which references http://code.google.com/p/linux-eoip/ - a MikroTik-specific Ethernet over IP protocol?


StrongSwan

TODO


Appendices

VPN Client Notes

iOS VPN Options

As of Apple iOS version 11, the VPN options supported by the standard VPN client implementation are:

  • IKEv2
  • IPsec
  • L2TP

Android VPN Options

As of Android version 6.0, the VPN options supported by the standard VPN client implementation are:

  • PPTP
  • L2TP/IPsec PSK
  • L2TP/IPsec RSA
  • IPsec Xauth PSK
  • IPsec Xauth RSA
  • IPsec Hybrid RSA


