VPNs are a great way to securely connect private networks. They are even used to mask your public IP, so that you can access a public server without being traced. There are a number of VPN offerings in the market, ranging from open-source to proprietary software, from self-managed to VPN-as-a-service, with a huge range of features.
I recently got an assignment to find the best offering in the market. Best is a vague term. An open-source VPN covering all the basic functionalities can be best for a simple implementation. Or a proprietary VPN with a lot of simplicity and customisation can be best for a medium- or high-budget implementation. So, I decided to compare the different offerings in the market. Completely open-source VPNs are out of scope.
Here are the things I kept in mind before starting:
- Simplicity: admins can easily set up networks, users, SSO, etc.
- Remote access: access the private network from any remote location and any platform.
- Strong encryption: an encrypted tunnel between the VPN client and the VPC.
- Site-to-site implementation: a tunnel between an AWS VPC and a remote network, for example between an office network and the VPC.
- Access control: for example, certain users can access only a certain set of hosts.
- Access control for third-party applications: connections to third-party applications can be made only through the VPN IP, not directly.
Every VPN can handle the same feature, but possibly in a different way. Here we define the criteria for comparison:
- Architecture
- Pricing
- Access control
- High availability/replication
- Protocols
- Clients
- Performance
- GUI
- Authentication
- Two-step auth
- Ease of setup and use
The following VPNs qualified under the above criteria and have been compared thoroughly.
- OpenVPN Access Server
- Pritunl
- AWS Client VPN
- Pulse Secure
Architecture
Pritunl
Pritunl works as a distributed and scalable infrastructure with no master server, so it can easily be scaled up based on requirements. It uses MongoDB as its database, which can be installed on the same instance or on a managed instance in case we need a redundant VPN server.
Basic Pritunl cluster architecture.
Pritunl remote access.
Site-to-site Pritunl implementation.
OpenVPN Access Server
OpenVPN works as a standalone OpenVPN Access Server running in the VPC. It can also work as primary and secondary nodes (a cluster with multiple instances), where the secondary/standby node takes over if the primary node fails. But this functionality does not work on AWS.
Remote access with OpenVPN Access Server.
Site-to-site implementation of OpenVPN Access Server.
AWS Client VPN
AWS natively supports both site-to-site VPN access and remote-access VPN tunnels. These services are fully managed by AWS, which means administrators need not worry about failures or high availability.
Below is an architecture diagram for a remote employee connecting to many VPCs.
Site-to-site VPN in AWS.
Click here for more information about the AWS Client VPN endpoint.
Pulse Secure
A simple Pulse Secure implementation is almost the same as OpenVPN. A CloudFormation template can be used to provision a PCS instance in AWS, and it can be connected to through any PCS client software.
Click here for the admin guide.
High availability/replication
Pritunl
Distributed architecture is at the core of Pritunl, so redundancy and failover handling are easy. One Pritunl host can run multiple OpenVPN server instances, and each server can be attached to multiple hosts, so that if one host fails the server can be started on another host.
OpenVPN Access Server
OpenVPN Access Server provides backup/standby nodes for failure and recovery. However, this feature does not work on AWS; instead, HA for OpenVPN Access Server can be achieved using Route 53.
Here is the document reference for achieving this.
Pulse Secure
Pulse Secure recommends high availability through an active-active cluster of multiple PCS instances, with Virtual Traffic Manager (a Pulse product) as the load balancer.
Here is the diagram of a PCS active-active pair.
AWS Client VPN
AWS Client VPN is fully managed by AWS, so we do not need to worry about replication and redundancy explicitly.
Access control
OpenVPN Access Server
OpenVPN Access Server has built-in rule-based access control, which means we can define which networks/hosts a user can access while the rest are blocked.
Pritunl
Pritunl does not provide rule-based access control like OpenVPN AS, but access control can be achieved with groups. However, it does not seem as straightforward as OpenVPN.
Pulse Secure
Pulse Secure supports rule-based access control. For example, we can allow or deny tcp://*:80,443 for a specific role.
AWS Client VPN
Access to specific networks can be allowed for specific user groups (Active Directory SID or group ID in the IdP). Port- or protocol-based access control is not supported.
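To make the difference between the two access-control models concrete, here is a small evaluator written for this comparison (it is added example code, not code from the post or from any of the vendors). It parses a Pulse-style resource such as the post's `tcp://*:80,443` and evaluates it per role with protocol and port matching, and next to it models the AWS Client VPN style, where an authorization rule maps a group to a target CIDR and has no port or protocol field at all. The rule lists, the group SID and the sample flows are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Added example (not from the post): an evaluator for the two access-control
# styles the post contrasts. Rule syntax follows the post's tcp://*:80,443
# example; group names, the SID and the traffic samples are constructed.


@dataclass(frozen=True)
class Flow:
    """One attempted connection through the VPN (constructed sample data)."""
    group: str      # role or directory group of the connecting user
    dst_ip: str
    dst_port: int
    proto: str      # "tcp" or "udp"


def parse_resource(resource):
    """Parse a Pulse-style resource such as 'tcp://*:80,443' into
    (protocol, host pattern, ports). '*' means any host or any port."""
    proto, rest = resource.split("://", 1)
    host, _, ports = rest.rpartition(":")
    port_set = None if ports == "*" else {int(p) for p in ports.split(",")}
    return proto.lower(), host, port_set


def host_matches(pattern, ip):
    """'*' matches everything; otherwise the pattern is an IP or a CIDR."""
    if pattern == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)


def pulse_style_allowed(rules, flow):
    """rules: list of (role, action, resource), evaluated top-down,
    first match wins, implicit deny. Protocol and port are part of the match."""
    for role, action, resource in rules:
        proto, host, ports = parse_resource(resource)
        if role != flow.group or proto != flow.proto:
            continue
        if not host_matches(host, flow.dst_ip):
            continue
        if ports is not None and flow.dst_port not in ports:
            continue
        return action == "allow"
    return False


def aws_style_allowed(auth_rules, flow):
    """auth_rules: list of (group_id, target_cidr). A matching rule opens the
    whole CIDR: there is no port or protocol field, so a port restriction
    cannot be expressed here and has to be enforced on the target hosts
    (for example with security groups)."""
    ip = ipaddress.ip_address(flow.dst_ip)
    return any(group == flow.group and ip in ipaddress.ip_network(cidr)
               for group, cidr in auth_rules)


# Constructed sample policies.
PULSE_RULES = [
    ("admins", "deny", "tcp://10.0.9.0/24:*"),   # keep admins off one subnet
    ("admins", "allow", "tcp://*:*"),
    ("web-users", "allow", "tcp://*:80,443"),    # the post's example resource
]
AWS_RULES = [
    ("S-1-5-21-CONSTRUCTED-1234", "10.0.0.0/16"),  # AD group SID -> VPC CIDR
]
```

Running the same flows through both evaluators shows the point made in the text: the Pulse-style rule lets `web-users` reach port 443 but not port 22 on the same host, while the AWS-style rule, once it matches the group and CIDR, admits port 22 as well.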
Protocols
OpenVPN Access Server
As the name suggests, OpenVPN Access Server is built upon the open-source VPN protocol OpenVPN.
Pritunl
Pritunl also uses the OpenVPN protocol at its core by default, but it implements the WireGuard protocol as well. It uses IPsec for site-to-site links.
Pulse Secure
Not revealed by the vendor.
AWS Client VPN
AWS Client VPN uses the OpenVPN protocol for remote-access tunnelling and IPsec for site-to-site VPN.
Clients
OpenVPN Access Server
OpenVPN clients support almost all major platforms. Here is the list:
- Linux
- Windows
- iOS
- macOS
- Android
AWS Client VPN
AWS Client VPN has clients for the following platforms:
- Windows
- macOS
Since AWS Client VPN uses the OpenVPN protocol, third-party OpenVPN clients are also supported. But if you are using a federated authentication method, third-party OpenVPN clients will not work.
Pulse Secure
Pulse clients are available for the following operating systems:
- Windows 10
- Windows 8.1
- Windows 7+
- macOS 10.15
- macOS 10.11
- Ubuntu 17.x
- Ubuntu 16.x
- Debian 9.x
- Debian 8.x
- CentOS 7.x
- CentOS 6.x
- RHEL 7.x
- Fedora 26
- Android
- iOS
Apart from that, Pulse Secure clients can also be launched from a web browser.
Pritunl
Here is the list of platforms supported by Pritunl clients:
- Ubuntu 18, 20
- Fedora 33
- Debian 10
- CentOS 8
- Arch Linux
- Oracle Linux 8
- macOS Intel
- macOS Apple Silicon
- Windows
However, Pritunl also supports OpenVPN clients, although OpenVPN clients lack some features such as automatic sync of VPN profiles. So it can be supported on all major platforms.
Performance
The bandwidths of the following VPNs are the ones they claim. Actual performance may vary and can be determined with iperf.
OpenVPN Access Server
The performance of an OpenVPN server depends on how much bandwidth we want to route through the VPN server.
A modern CPU with AES-NI uses 12 MHz of CPU to process each Mbps transferred in one direction. So, for example, a 4-core system at 3 GHz would count as 12,000 MHz, which equates to 1000 Mbps maximum throughput. For memory, a rough estimate is 1 GB of memory for every 150 connected devices. Around 16 GB of disk space should be more than enough, as the only data that needs to be stored on disk is connection and program logs, user certificates and settings.
OpenVPN recommends not using more than 1000 connections on a single instance. The default limit, however, is 2048.
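The rules of thumb above (12 MHz per Mbps, 1 GB of RAM per 150 clients, 16 GB of disk, the 1000-connection recommendation and the 2048 default limit) can be turned into a reusable sizing check. The following is an added example written for this comparison, not a calculator from OpenVPN or from the post; the constants are the figures quoted above, and the host specs and client counts passed in are constructed.

```python
import math

# Added example (not from the post): capacity estimate for one OpenVPN
# Access Server host using the rules of thumb quoted in the text.
# The constants are the post's figures; host specs below are constructed.

MHZ_PER_MBPS = 12                  # CPU MHz per Mbps, one direction, AES-NI CPU
CLIENTS_PER_GB_RAM = 150           # connected devices per GB of memory
RECOMMENDED_MAX_CONNECTIONS = 1000 # OpenVPN's recommendation per instance
DEFAULT_CONNECTION_LIMIT = 2048    # default hard limit per instance
DISK_GB = 16                       # logs, certificates and settings only


def size_openvpn_host(cores, ghz, expected_clients):
    """Estimate what one host can carry for a given number of clients."""
    total_mhz = cores * ghz * 1000
    max_mbps_one_way = total_mhz / MHZ_PER_MBPS
    return {
        "total_mhz": total_mhz,
        "max_mbps_one_way": max_mbps_one_way,
        # bandwidth each client gets if all of them push traffic at once
        "mbps_per_client_if_saturated": max_mbps_one_way / expected_clients,
        "ram_gb": math.ceil(expected_clients / CLIENTS_PER_GB_RAM),
        "disk_gb": DISK_GB,
        "within_recommendation": expected_clients <= RECOMMENDED_MAX_CONNECTIONS,
        "within_default_limit": expected_clients <= DEFAULT_CONNECTION_LIMIT,
    }


def hosts_needed(expected_clients):
    """Hosts required to stay under the recommended 1000-connection ceiling."""
    return max(1, math.ceil(expected_clients / RECOMMENDED_MAX_CONNECTIONS))


if __name__ == "__main__":
    # The text's own example: 4 cores at 3 GHz, here with 500 clients assumed.
    for key, value in size_openvpn_host(4, 3.0, 500).items():
        print(f"{key}: {value}")
    print("hosts for 1500 clients:", hosts_needed(1500))
```

The throughput figure is per direction, as the text says, so a host that must carry the same volume both ways has half that headroom; and the CPU estimate is only a ceiling, which is why the `within_recommendation` flag is reported separately from the bandwidth numbers.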
Pritunl
As we know, Pritunl uses the OpenVPN protocol at its core, so the hardware requirements are almost the same. However, Pritunl claims a maximum bandwidth of 100 Mbps per connection with a fast Intel CPU with AES-NI on both the client and server side.
A WireGuard implementation on Pritunl would be faster, as the WireGuard protocol is comparatively faster than OpenVPN.
AWS Client VPN
AWS recommends using iperf to measure the bandwidth of its VPN connections. According to AWS, bandwidth depends on a number of factors.
AWS allows a maximum of 2000 concurrent connections, and this can be increased through a limit increase request.
Pulse Secure
PSA has 3 types of virtual appliances. The data sheet is below.

| Appliance | Max concurrent users (SSL) | Max tunnel throughput (ESP mode) | Max tunnel throughput (SSL mode) | CPU |
|---|---|---|---|---|
| PSA3000-V | 200 | 408 Mbps | 268 Mbps | 2 |
| PSA5000-V | 2500 | 514 Mbps | 484 Mbps | 4 |
| PSA7000-V | 10000 | 2.4 Gbps | 1 Gbps | 8 |
Two-step auth
OpenVPN Access Server
OpenVPN supports multi-factor authentication with Google Authenticator as well as some third-party apps like Duo.
Pritunl
Pritunl offers 4 methods of two-factor authentication:
- Yubico YubiKey
- Duo hardware token
- Duo, OneLogin and Okta push
- Google Authenticator
AWS Client VPN
Multi-factor authentication is supported here with AWS Managed Active Directory.
Reference URL: Enable multi-factor authentication for AWS Managed Microsoft AD - AWS Directory Service
Pulse Secure
Pulse Connect Secure supports different 2FA methods for PCs and mobile devices, including RSA SecurID, Google Authenticator, Okta and Duo.
Pricing
OpenVPN Access Server
OpenVPN provides all the basic tunnelling features in its open-source version. So, for a simple use case where we do not need a GUI and ease of installation and management, OpenVPN Community Edition can be used. A comparison of OpenVPN Community Edition and OpenVPN Enterprise is available here.
For the Enterprise edition, cost depends on the number of concurrent users. The cost can be estimated here.
Pritunl
Pritunl is open-source software built upon the OpenVPN protocol, so it also supports all the basic VPN tunnelling in its free version. However, more features require the Enterprise edition, which costs $70 per cluster. A cluster is defined as a single MongoDB database and any number of Pritunl servers.
AWS Client VPN
AWS Client VPN charges for the number of active client connections per hour and for the number of subnets associated with the Client VPN endpoint per hour.
AWS Client VPN endpoint association: $0.10 per hour
The prices may vary a little in some regions. Click here for more information.
Pulse Secure
There is no straightforward pricing for Pulse Secure; pricing works on a quotation basis. I had approached the sales team, but there is no callback yet. According to the cost estimation portal, for 500 users, 1020 devices and 20 applications the price comes to $86,688 annually.
Ease of setup and use
OpenVPN Access Server
OpenVPN Access Server is quite easy to install. The following popular ways can be used to install OpenVPN Access Server. There are detailed guides for installation and configuration, and there is good community support as well. There is no on-call support; instead, tickets can be created on the support system, which is available 24/7.
Pritunl
As it is also open source, installation is quite easy. The following are popular ways to install it. The online documentation is quite good. The open-source community is not as mature as OpenVPN's, but common issues can be found there. Setup and use are a little different from OpenVPN, but once the architecture is understood it is easy to use. There is no on-call support or dedicated ticketing system; there is email support and a Slack channel.
AWS Client VPN
There is no need to install anything; you just need to create the Client VPN endpoint from the AWS VPC GUI, which makes it super easy to use. For support, there are the standard support plans that come with an AWS account.
Pulse Secure
PCS houses too many features and configurations apart from VPN tunnelling, which makes it difficult to understand. Everything can be done from the GUI itself, but it is still more complex than all the above alternatives. Its online documentation was not easy to understand, in my opinion. For installation, a CloudFormation template can be used in AWS, or similar templates in other cloud providers like GCP and Azure. It is also distributed as a hardware appliance with preloaded software. PCS has 24/7 on-call support, and even a platinum support tier for mission-critical deployments with faster SLAs.
Selecting a VPN can be hectic and time consuming. I hope this blog helps you save some of your precious time. Happy Virtual Private Networking. 🙂
Blog Pundit: Naveen Verma
AWS Client VPN connection: $0.05 per hour
Pulse Secure provides a cost estimation portal, which can be found here.
Summary of the comparison:

| | OpenVPN | Pritunl | Pulse Secure | AWS |
|---|---|---|---|---|
| Access control | Rule based | Group based | Rule based | Group based |
| Authentication | Local + third party (see details above) | Local + third party (see details above) | Local + third party (see details above) | Local + third party (see details above) |
| Availability/replication | Replication with Route 53 | In-built (just need to add hosts) | Cluster with Pulse Traffic Manager | AWS managed |
| Clients | All major OS | All major OS (including ovpn clients) | All major OS | All major OS (including ovpn clients) |
| Ease | 4/5 | 3/5 | 2/5 | 5/5 |
| GUI | 5/5 | 4/5 | 3/5 | 5/5 |
| MFA | Yes | Yes | Yes | Yes (Active Directory) |
| Performance | 1000 Mbps max | 100 Mbps | 514 Mbps with 4 CPU | Not given; assuming 1000 as OpenVPN |
| Pricing for 500 connections (assuming all 500 connections active for the whole month) | $1095 / month | $70 / month | Quotation not yet confirmed | $18144 / month |
| Protocols | OpenVPN | OpenVPN, WireGuard, IPsec | Not revealed | OpenVPN, IPsec |
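The AWS figure in the summary table depends on two hourly rates (the $0.10 per associated subnet and $0.05 per active connection quoted above) and on how many hours the connections are actually up. The following added example (written for this comparison, not AWS's own pricing tool or code from the post) models that charge. It assumes a 720-hour month and two associated subnets, because with those assumptions 500 always-on connections come to exactly the table's $18,144; it then shows the same 500 clients on a business-hours pattern, which is what makes the per-hour model cheaper than the worst case.

```python
# Added example (not from the post): the AWS Client VPN charging model with
# the two hourly rates quoted in the post. Integer cents avoid float rounding.
# The subnet count and month length are assumptions, chosen so the result
# matches the summary table's $18,144 figure for 500 always-on connections.

ENDPOINT_ASSOCIATION_CENTS_PER_HOUR = 10   # $0.10 per associated subnet per hour
CONNECTION_CENTS_PER_HOUR = 5              # $0.05 per active client connection per hour
HOURS_PER_MONTH = 720                      # assumed 30-day month


def monthly_cost_usd(connection_hours, associated_subnets, hours_per_month=HOURS_PER_MONTH):
    """Total monthly charge: subnet associations bill for every hour of the
    month, connections bill only for the hours they are actually connected."""
    cents = (associated_subnets * ENDPOINT_ASSOCIATION_CENTS_PER_HOUR * hours_per_month
             + connection_hours * CONNECTION_CENTS_PER_HOUR)
    return cents / 100


def always_on_cost(clients, associated_subnets):
    """Worst case used in the post's summary table: every client connected all month."""
    return monthly_cost_usd(clients * HOURS_PER_MONTH, associated_subnets)


def business_hours_cost(clients, associated_subnets, hours_per_day=8, days=22):
    """Same client count, but each client connected only during a working month
    (constructed assumption: 8 hours a day, 22 working days)."""
    return monthly_cost_usd(clients * hours_per_day * days, associated_subnets)


if __name__ == "__main__":
    print("500 clients, 2 subnets, always on:      $", always_on_cost(500, 2))
    print("500 clients, 2 subnets, business hours: $", business_hours_cost(500, 2))
    print("idle endpoint, 1 subnet, no clients:    $", monthly_cost_usd(0, 1))
```

Note that the endpoint association charge accrues even with no clients connected, so an endpoint left associated with subnets after a pilot keeps costing money; the connection charge, by contrast, scales with actual use, which is why the summary table's all-month assumption is the upper bound rather than a typical bill.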