Date: Mon, 30 Jun 2008 11:20:53 +1000
From: Andrew Snow <andrew@modulus.org>
To: freebsd-net@freebsd.org
Subject: Re: FreeBSD NAT-T patch integration
Message-ID: <486834F5.8080307@modulus.org>
In-Reply-To: <48680DB8.708@shrew.net>
References: <4867B2B3.3090208@shrew.net> <48680DB8.708@shrew.net>

I've just started moving a medium IPSEC+gif VPN to one based on OpenVPN.

OpenVPN solved all my problems with IPSEC:

* does not require kernel modules or recompiles
* works over UDP by default (and optionally TCP) + only requires a single IP port at each end
* supports compression out of the box
* supports bridging as well as tunneling

Despite that, I didn't have to give up features or performance:

* fast and secure enough (authentication, replay prevention)
* very easy to configure & manage via either CLI/config files
* supports both preshared keys or standard TLS+certs
* also works on linux and windows.
* supports hardware acceleration via openssl engines

FWIW, I will probably never go back to IPSEC after this.

- Andrew