[geeks] VPN behind BT Business Hub 5

[Mike Meredith]

On Wed, 3 Jun 2015 11:20:32 -0400, Cory Smelosky wrote:
> IPSec may be a problem due to its depending on GRE, I'm unsure how
> the pass through works though.

Being in the middle of an enterprise VPN rollout, my preferred option
when asked to roll out a VPN is to hide behind the sofa in a foetal
position making whimpering noises. 

Ssh tunnels are good fallback option and good to have working for when
the 'real' VPN breaks.

OpenVPN is probably the easiest way to go. The only thing that would
worry me about it is that it's an SSL VPN. As there's no standard for
SSL VPNs, I'm not in favour of it (but I'm just being picky although
it's telling that the VPN I'm rolling out supports a proprietary SSL
VPN but if you turn on IPsec it uses that in preference to the SSL VPN).

IPsec: Be prepared for a world of pain, but it is the standard. Part of
the problem is that it was specified by people who believe that NAT is
an abhorrent crime against nature (I agree!), so using it behind a NAT
box is "interesting". I suspect as you've got a hub with "business" in
the name, you shouldn't have trouble with IPsec being unintentionally
blocked.

If you want to go for the coolest[0] VPN out there, I'd have a look into
SoftEther_VPN which supports IPsec, SSL VPN (openvpn), DNS & ICMP VPN.
No idea how stable it is, but running a VPN over DNS queries sounds
like fun :)

[0]: Being over 40, I have to apologise for using the word "cool" :)

-- 
sigmonster: core dumped