By chienr on Dec 18, 2007
Today I went to the installfest at MPK17, and under Dan McDonald's guidance, successfully installed punchin on my Powerbook running OS X 10.4.11. It took less time—about 20 minutes—than I expected, even though we had to re-install the client after realizing what I had the first time wasn't the latest version (Punchin 2.1.0 for OS X).
Punchin is a secure remote access solution at Sun that is currently used by over 1,000 employees. Unlike Cisco's VPN client, punchin uses the platform's native TCP/IP stack with IPsec and IKE, so there's no need for a third-party kernel extension, which leads to better stability.
These are the commands I learned (punchctl is found under /usr/local/bin so make sure it's in
~$ punchctl configure (gathers preferences and generates keys)
~$ punchctl start
~$ punchctl stop
~$ punchctl cleanup_local (is like stop but doesn't talk to the remote gateway)
The only difference I've noticed is that the punchin connection persists (or perhaps re-establishes is the more correct term) when the laptop awakes from sleep. Per Dan, the maximum idle timeout is four hours. This is a time-saver for me as I often close the lid on my laptop before carrying it to another part of the house, only to realize upon wake-up that the VPN got disconnected, and have to make another trip to get my token card.
On the flip side, establishing a punchin connection takes noticeably longer (3-4 times that of Cisco's solution). According to others, it's faster once the tunnel is up, but I haven't noticed any significant difference in speed myself.
Punchin is available on Solaris, Mac OS X and Linux.
[UPDATE Dec 19, 2007] The slower startup is due to quirks in IPsec on Mac OS X.