On Wed, Mar 28, 2007 at 08:06:54PM +0100, Stephen Borrill wrote:
> I think it's pretty easy to set up compared to IPSec, ...

That depends. If you e.g. use the Cisco client to talk to a NetBSD VPN servers
things aren't that bad.

> ... plus it's extremely firewall friendly

NetBSD's IPsec supports NAT-T which allows firewall traversal, too.

> ... (you can even tunnel out through a webproxy).

But you don't want to do that because tunneling TCP through TCP is a
really bad idea in general.

A general advantage of IPsec is the better performance. The VPN server.
doesn't have to move data from kernel to userland and back.

	Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/