rediscovering a fundamental truth of VPN hardware

  • Sun 19 July 2015
  • misc

You know, here in the future in 2015, some things oughtn't be hard. There's a fundamental truth to VPNs (of the LAN to LAN variety in this case, but it may hold for other appliance-y sorts of configurations too) that I re-taught myself today.

If you're looking for interoperability between different manufacturers of small VPN appliances... stop. Don't do it. You're way ahead of the game to get two appliances with similar software made by the same manufacturer (throwing one or both of your existing devices in the recycle bin), taking the defaults, and tweaking things delicately to your liking once you have the associations and such all working nicely.

Took me 1.5 hours to get LAN to LAN IPSEC configured on a pair of Mikrotiks (including initial out of box setup and fighting a Linux firewall issue) what I spent 7 hours failing at between Netgear and Cisco today. At my hourly rate I could have bought a flotilla of Mikrotiks.