From: Eric Masson
To: Victor Sudakov
Cc: "Muenz, Michael", Jim Thompson, freebsd-net@freebsd.org
Subject: Re: OpenVPN vs IPSec
Date: Sun, 19 Nov 2017 14:38:05 +0100
Message-ID: <86o9nytmma.fsf@newsrv.interne.associated-bears.org>
In-Reply-To: <20171119120832.GA82727@admin.sibptus.transneft.ru> (Victor Sudakov's message of "Sun, 19 Nov 2017 19:08:32 +0700")
References: <20171118165842.GA73810@admin.sibptus.transneft.ru> <20171119120832.GA82727@admin.sibptus.transneft.ru>
List-Id: Networking and TCP/IP with FreeBSD

Victor Sudakov writes:

Hi,

> Because it's in the kernel? But many use (and recommend) StrongSwan
> which is a userland implementation.

Key exchange (IKE) is managed by a userland process, but in FreeBSD the IPsec transform is in the kernel domain.

> IPsec in itself may be a standard, but IKE does not seem to be much of
> a standard, I get the impression that there's much incompatibility
> between vendors (Cisco, racoon etc).

In the early 2000s there were some glitches (mostly about non-standard auth extensions added by Cisco, for example); nowadays most of the issues are PEBKAC class and nothing that can't be solved.

Éric Masson

--
Rm: (Launch ResEdit or Resorcerer ...)
PC: That's all over, they write their stuff in Chinese binary
recompiled into Martian.
-+- PC in Guide du Macounet Pervers: ResEdit doesn't work anymore -+-