
openVPN vs commercial solutions

Discussion in 'Tomato Firmware' started by ng12345, Jun 15, 2008.

  1. ng12345

    ng12345 LI Guru Member

    From a security point of view, I was wondering what the differences were between an OpenVPN solution running off a Linksys router and the commercial solutions offered (like SonicWall). More importantly, can a Tomato-flashed Linksys router run VPN with a similar level of security when compared to commercial small-business solutions?
  2. bhlonewolf

    bhlonewolf LI Guru Member

    There really aren't major security differences between most "standard" VPN solutions. Theoretically speaking you find some that talk about potential weaknesses -- i.e., in PPTP. Sometimes it's hard to tell because many of these security articles reference outdated versions.

    At any rate, I run OpenVPN through Tomato (the endpoint is not Tomato, but rather a server behind the router). I like it because it's moderately easy to set up, but very friendly for NAT. I've tried it from tons of locations (through modems, cell phones, coffee shops, etc.) and it always works.

    I abandoned PPTP simply because it wasn't as NAT friendly.

    As for running on Tomato: IMHO the 2 biggest issues are performance (for a single occasional user, no problem, but most routers can't handle the load of multiple users) and security. From a security point of view, I imagine the router itself is more of a target than the VPN stack. A hacker looking to "break in" would compromise your router, not the VPN traffic, I would think. Hence, disabling external administration and such is a good idea.

    Just my opinions...
  3. ng12345

    ng12345 LI Guru Member

    Thanks for the reply -- my goal is to connect two branch offices to a main office via VPN (so it would be 3 routers interfacing with each other through VPN).

    I'm comfortable in setting up OpenVPN on Tomato (Linksys routers) to create the links, and in the end it will save quite a bit of money in equipment, support fees, setup hassles, etc. (as compared to a commercial solution like SonicWall).

    In total there are 10 computers at each branch site that will be accessing a server behind the router at the main site (over Terminal Services).

    Currently everything is linked through high-encryption Terminal Services (but no VPN) -- but I don't know if the extra security through VPN will do anything.
  4. HennieM

    HennieM Network Guru Member

    IMHO, OpenVPN is more secure than most commercial VPN solutions out there. OpenVPN uses the same security that's used to protect secure web sites. This is proven technology. IPSec and other VPN solutions don't do any better, but have additional flaws (IMO). From http://openvpn.net/
    I reckon if I can spend dollars over SSL/TLS to an online shop, I can, without much of a worry, use the same technology to protect my VPN.

    On a router though, one should take care to protect the router, or the whole router, including OpenVPN, can be compromised.

    If you don't want to run OpenVPN on your routers, you can do so from PCs/servers behind the routers - it still costs nothing save for the time to configure it. I do so, and I generate my own certificates, so only certificates generated by me (and password protected by me) can be used to make connections to my VPN.
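
The self-generated certificate setup described in the last post, as an added example that is not part of the thread: a private CA signs each peer's certificate, the peer key is passphrase-protected, and a certificate with the same name issued by any other CA fails verification. All names (`vpn-ca`, `rogue-ca`, `branch1`) and the passphrase are constructed; it assumes the `openssl` command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example: private CA for VPN peers. Names and passphrases are constructed.
set -eu

make_ca() {            # $1 = directory, $2 = CA common name
  mkdir -p "$1"
  # The CA key is left unencrypted only to keep the demo non-interactive.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$2" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {         # $1 = CA directory, $2 = peer name, $3 = key passphrase
  # Without -nodes the peer's private key is written encrypted with the passphrase.
  openssl req -newkey rsa:2048 -passout "pass:$3" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -out "$1/$2.crt" 2>/dev/null
}

accepted_by() {        # $1 = trusted CA cert, $2 = peer cert; status 0 if it chains
  # This is the check a TLS endpoint makes against the file given to
  # OpenVPN's "ca" option: only certificates signed by that CA pass.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_is_encrypted() {   # $1 = private key file
  grep -q ENCRYPTED "$1"
}

demo() {
  d=$(mktemp -d)
  make_ca "$d/vpn" vpn-ca
  make_ca "$d/rogue" rogue-ca
  issue_cert "$d/vpn" branch1 "constructed-passphrase"
  issue_cert "$d/rogue" branch1 "constructed-passphrase"   # same name, other CA
  accepted_by "$d/vpn/ca.crt" "$d/vpn/branch1.crt"   && echo "own CA:   accepted"
  accepted_by "$d/vpn/ca.crt" "$d/rogue/branch1.crt" || echo "other CA: rejected"
  key_is_encrypted "$d/vpn/branch1.key" && echo "peer key: passphrase-protected"
  rm -rf "$d"
}
demo
```

In a real deployment the CA key would also be passphrase-protected and kept off the routers; only `ca.crt` and each peer's own certificate and key need to be on a VPN endpoint.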
