VPNs I currently run a L2TP from a Synology NAS When I need it, I will ssh into the NAS or a Ra...

[G+_Eddie Foy]

VPNs

I currently run a L2TP from a Synology NAS.

When I need it, I will ssh into the NAS or a RasPi (non standard external ports) from the road, then bounce ssh to my router and pop open the VPN ports.

 

Would I be better off using the VPN in the Cisco router? (Cisco IPSec)

Is the Cisco VPN easy enough to turn on/off like I do in the above?

 

And any advantage to OpenVPN over L2TP?

 

I'm mainly using Macs and once in a while Linux.  Don't see a need, for me, to have Windows in the mix.

[G+_Adam EL-Idrissi]

Openvpn vs l2tp/ipsec/ppptp,open vpn. Most secure. Also has support for Mac os x and linux. On my mini I use tunnelblick which I believe openvpn refereed me to.

 

http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

Synology supports openvpn as well.

 

Never really used Cisco gear so not sure about that. Personally not a fan but that's another subject.?

[G+_Eddie Foy]

Thanks.  The OpenVPN set up went well.  And its only a single port to pop open over the 3 for L2TP/IPSec.

 

Using tunnelblick also.  Odd quirk is it seems to take 2 shots to connect.  (not a prob)

[G+_Ben Tyger]

Eddie Foy Do you spin down your HDs on the NAS? The two connections attempts is often because the first connection wakes up the drives but the connection times out before drives cone up to speed. By the time the second attempt comes around, everything is working fine.

[G+_Ben Reese]

It seems like your VPN may be more secure than SSH. Is that not the case?

[G+_Eddie Foy]

All depends on the cipher ssh uses.

But tossing the external ssh to a  non standard hight port, it helps (a tiny bit.  nmap will still find it)

 

ssh is a TCP based while VPN is typically UDP based.  And on that, I tend to lean towards TCP since there is a bit a verification that packets did arrive.

[G+_Ben Tyger]

There's a big different between SSH and a VPN. Most VPNs encapsulates all IP protocols.

 

SSH tunnels are really designed to push TCP traffic over them. Running UDP basses programs over SSH tunnels is notoriously problematic.