From: Guido Falsi
To: Victor Sudakov, freebsd-net@freebsd.org
Subject: Re: OpenVPN vs IPSec
Date: Sun, 19 Nov 2017 16:22:42 +0100

On 11/18/2017 17:58, Victor Sudakov wrote:
> Dear Colleagues,
>
> Is there any reason to prefer IPSec over OpenVPN for building VPNs
> between FreeBSD hosts and routers (and others compatible with OpenVPN
> like pfSense, OpenWRT etc)?

I am personally using OpenVPN for my extremely modest needs, but a
friend with more complex needs found a good tool with softether
(available in ports as security/softether).

I also suggested it to some friends who are happy with it and reported
it is easy to set up and use.

It would give you freedom of choice for proto/client.

Please note that I never used it myself, although I plan to give it a
spin sometime.

This is just a suggestion from a more practical point of view, without
any consideration of which one is the superior protocol/tool.

-- 
Guido Falsi