Date: Sun, 19 Nov 2017 14:38:05 +0100 From: Eric Masson <emss@free.fr> To: Victor Sudakov <vas@mpeks.tomsk.su> Cc: "Muenz\, Michael" <m.muenz@spam-fetish.org>, Jim Thompson <jim@netgate.com>, freebsd-net@freebsd.org Subject: Re: OpenVPN vs IPSec Message-ID: <86o9nytmma.fsf@newsrv.interne.associated-bears.org> In-Reply-To: <20171119120832.GA82727@admin.sibptus.transneft.ru> (Victor Sudakov's message of "Sun, 19 Nov 2017 19:08:32 %2B0700") References: <20171118165842.GA73810@admin.sibptus.transneft.ru> <b96b449e-3dc1-6e75-e803-e6d6abefe88e@spam-fetish.org> <20171119120832.GA82727@admin.sibptus.transneft.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Victor Sudakov <vas@mpeks.tomsk.su> writes: Hi, > Because it's in the kernel? But many use (and recommend) StrongSwan > which is a userland implementation. Key exchange (ike) is managed by a userland process, but, in FreeBSD, ipsec transform is kernel domain. > IPsec in itself maybe a standard, but IKE does not seem to be much of > a standard, I get the impression that there's much incompatibility > between vendors (Cisco, racoon etc). In early 2000's there were some glitches (mostly about non standard auth extensions added by cisco for example), nowadays most of the issues are PEBKAC class and nothing that can't be solved. Éric Masson -- Rm : (Lance ResEdit ou Resorcerer ...) PC : C'est fini tout ça, ils écrivent leurs trucs en binaire chinois recompilé en martien. -+- PC in Guide du Macounet Pervers : ResEdit a marche pu -+-
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86o9nytmma.fsf>