Real World Computing
Open-source VPN
We elected to try out SSL-Explorer using a Windows server. Again, download and installation were simple, but configuration took some thought. On reflection, that wasn't because the system was hard to configure, but rather because the only way we could get into the application was via a 400-page administrator's manual. We could have done with a "Getting Started" manual. Once you get over this hurdle, the system is easy to configure via the web interface. You need to set up users for the system and then set up their access rights: you can set up web forwards so they can access web servers, network places so they can access shares, and application shortcuts to access various network-based applications like terminal servers and VNC servers. When a user logs in, they can see what they have access to and then select it. You can also set up arbitrary "per application" tunnels to allow access to resources such as mail servers.
Again, we managed to get everything up and running, and using the web interface makes the system easy to configure, with a great deal of useful help information and prompting. The users log in to the same web interface and again they get access to the services they want quickly. The proxy interface is slightly fiddly, because you need to work out how to access the local proxy when you're outside of the office, which potentially means you may have to use different addresses to access your mail server inside and outside. However, you can get full network access such as OpenVPN, but only if you pay for the enterprise version. SSL-Explorer is an interesting and good product, which provides much finer control over what a user has access to, and can be used in different environments from OpenVPN.
OpenVPN and SSL-Explorer represent quite different approaches to building a VPN and to open source. OpenVPN is a "pure" open-source product with no restrictions on what you get and how you use it, but also without commercial support, while SSL-Explorer is a commercial open-source product, where the community edition provides you with a taster of what you'll get if you spend money on it. We went for OpenVPN, which does what we want, works on all the platforms we have and offers a simple, resilient solution.
