Don Coleman
asked on
Zyxel VPN Client free alternatives.
Hello, I have a Zyxel USG 50 and was told to use the IPSEC I would have to purchase licenses of the client. Is there an alternative VPN client that can be use because the IPSEC licenses are a little steep. If so also would be nice to have a configuration guide for the client. I have looked into Shrewsoft but the guide on there sight does not seem to work when configuring. Any help would be appreciated thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
openvpn doesn't support IPSEC. and OpenVPN is resource heavy for USG type of boxes.
while it accomodates 50 IPSEC tunnels.
BTW, on the openswan site there is a lot of info about settingup IPSEC also on windows with minimal use of tooling.
while it accomodates 50 IPSEC tunnels.
BTW, on the openswan site there is a lot of info about settingup IPSEC also on windows with minimal use of tooling.
Yap missed that as focus on free kit ;) thks
http://openvpn.net/index.php/open-source/341-openvpn-compatibility.html
Is OpenVPN standards-compliant?
As a user-space VPN daemon, OpenVPN is compatible with SSL/TLS, RSA Certificates and X509 PKI, NAT, DHCP, and TUN/TAP virtual devices. OpenVPN is not compatible with IPSec, IKE, PPTP, or L2TP.
http://openvpn.net/index.php/open-source/341-openvpn-compatibility.html
Is OpenVPN standards-compliant?
As a user-space VPN daemon, OpenVPN is compatible with SSL/TLS, RSA Certificates and X509 PKI, NAT, DHCP, and TUN/TAP virtual devices. OpenVPN is not compatible with IPSec, IKE, PPTP, or L2TP.
The problem with openvpn is exactly that TCP/Ip is used as transport.
Also for lossy protocols like sctp or udp. Packets will arrive even if too late (in case of delays).
Also a line with packet loss will behave rather badly, as it needs to wait for retransmits.
IPSEC just follows the IP standards. Also because of userspace processes, each session will cost quite a lot of memory, which isn't availble in USG-50 type of devices.
Also for lossy protocols like sctp or udp. Packets will arrive even if too late (in case of delays).
Also a line with packet loss will behave rather badly, as it needs to wait for retransmits.
IPSEC just follows the IP standards. Also because of userspace processes, each session will cost quite a lot of memory, which isn't availble in USG-50 type of devices.
http://zeroshell.org/openvpn-client/