L2TP is quite old and by itself does not provide encryption or confidentiality to traffic that passes through it. L2TP/IPsec encapsulates data twice at layer 2; it has pros and cons. See this -> <a href="https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs-sstp-vs-ikev2/" rel="nofollow">https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs...</a><p>IKEv{1,2} + IPsec (tunnel mode) is recommended. strongSwan is probably the best free, open source IPsec solution out there (much better than libreswan...), with very good documentation and examples etc., actively developed and maintained by a bunch of passionate guys who know the stuff.<p>Our company (pre-IPO startup) has been using strongSwan for 2+ years as a site-to-site solution from on-premises data centres to AWS VPC; it has proved to be rock solid as long as it's properly configured ;-) The only drawback is that strongSwan currently does not have a mature HA solution but it's shaping up (5.4.0 introduced IKEv2 redirect). Hopefully a proper HA solution will be built on top of that and later productized ;-)<p>BTW: I myself have been using strongSwan since 5.0.x for remote access, to protect privacy, fight censorship (yes, originally from China mainland where GFW is in place, etc...). The native strongSwan client for Android is a killer ;-)<p>HTH
Probably a silly question but what will I do with this?<p>I have a personal DO OpenVPN proxy setup because my country (Pakistan) censors internet, which I made following the DO guide [1]. I set it up a while ago, and it was mostly copying commands.<p>Will this allow me to use Tunnelblick and use my VPN as a proxy? Will it let me connect my machines to each other over a VPN? What's the motivation for a setup like this?<p>[1]: <a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04" rel="nofollow">https://www.digitalocean.com/community/tutorials/how-to-set-...</a>
<a href="https://github.com/trailofbits/algo" rel="nofollow">https://github.com/trailofbits/algo</a> and <a href="https://github.com/jlund/streisand" rel="nofollow">https://github.com/jlund/streisand</a> are also great alternatives.
You could also get CoreOS and a container with openvpn in a few lines <a href="https://github.com/kylemanna/docker-openvpn" rel="nofollow">https://github.com/kylemanna/docker-openvpn</a>
My experience with openvpn is abysmal. It is slow, tunnels tcp-over-tcp the wrong way[0], tunnels udp-over-tcp the wrong way, and the connections were quite fragile.<p>Does anyone have alternatives to recommend? SoftEther looks like the bee's knees from the website, but I haven't found trustworthy reviews from real users.<p>[0] <a href="http://sites.inka.de/bigred/devel/tcp-tcp.html" rel="nofollow">http://sites.inka.de/bigred/devel/tcp-tcp.html</a>
<a href="https://github.com/hwdsl2/setup-ipsec-vpn" rel="nofollow">https://github.com/hwdsl2/setup-ipsec-vpn</a> has one-click options for DigitalOcean (<a href="http://dovpn.carlfriess.com/" rel="nofollow">http://dovpn.carlfriess.com/</a>) and others
I made a project like this as well, but with Ansible. I submitted a separate post for that but won't link it here out of courtesy. <a href="https://github.com/robbintt/popup-openvpn" rel="nofollow">https://github.com/robbintt/popup-openvpn</a>
Does anyone know about a good user-friendly OpenVPN client for Windows? The official one requires a lot of fiddling with administrator permissions to work, which most non-tech people have no chance to do successfully.
Take a look at dockerized alternatives too. Makes it a lot easier.<p>For example <a href="https://hub.docker.com/r/siomiz/softethervpn/" rel="nofollow">https://hub.docker.com/r/siomiz/softethervpn/</a> outputs the config file to stdout so you can just run it, get the config with docker logs and connect.
I've been using pivpn[0] for about a year now (first on a raspi, and now on ubuntu 16.04 server). Wraps all the basic commands like client cert gen and revocation. Many sensible defaults.<p>[0] <a href="https://github.com/pivpn/pivpn" rel="nofollow">https://github.com/pivpn/pivpn</a>
I follow this guide for setting up OpenVPN: <a href="https://www.tinfoilsecurity.com/blog/dont-get-pwned-on-public-wifi-use-your-own-vpn-tutorial-guide-how-to" rel="nofollow">https://www.tinfoilsecurity.com/blog/dont-get-pwned-on-publi...</a>
By only looking at the source (haven't installed it) I'm guessing this leaks IPv6 addresses and probably shouldn't be used. This is the second openvpn install script to match that description today.
<a href="https://github.com/Nyr/openvpn-install" rel="nofollow">https://github.com/Nyr/openvpn-install</a> with a budget $15/year vps and you're good for personal needs.<p>That said, this is a great write-up and I'm sure very helpful to those that need to set up a more custom/mission critical development.
An easier alternative is to tunnel everything through an SSH connection.<p>I use PuTTY tunneling+proxifier (on Windows) and a Python script on my Ubuntu box (the name is escaping me at the moment).<p>It's very simple to set up, doesn't require a ton of configuration, and can be just as secure as a VPN connection.<p>I've never been a fan of OpenVPN. Configuration is cumbersome and performance wasn't that great.