Date: Tue, 23 Apr 2019 10:03:21 +0700 From: Eugene Grosbein <eugen@grosbein.net> To: Louis Kowolowski <louisk@cryptomonkeys.org>, Wojciech Puchar <wojtek@puchar.net> Cc: freebsd-hackers@freebsd.org Subject: Re: openvpn and system overhead Message-ID: <5CBE8079.1000704@grosbein.net> In-Reply-To: <25566D0F-72DF-4EF1-8900-8DD611D03B33@cryptomonkeys.org> References: <alpine.BSF.2.20.1904171707030.87502@puchar.net> <0cc6e0ac-a9a6-a462-3a1e-bfccfd41e138@grosbein.net> <alpine.BSF.2.20.1904191841200.44949@puchar.net> <5CBAB88C.4020402@grosbein.net> <alpine.BSF.2.20.1904221731560.76479@puchar.net> <25566D0F-72DF-4EF1-8900-8DD611D03B33@cryptomonkeys.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 22.04.2019 22:58, Louis Kowolowski wrote: > On Apr 22, 2019, at 10:32 AM, Wojciech Puchar <wojtek@puchar.net> wrote: >> >>>> well it has to cooperate with multitude of clients like windoze, >>>> point&click routers etc. that's why openvpn. >>> >>> Windows has stock support for IPSec with and without L2TP and has no stock openvpn, so IPSec is more preferable. >> >> can IPSEC VPN work over nat? even freebsd-freebsd case. >> >> I cannot find any tutorial how to do this. > > -ish > You must forward udp/4500 to the host and IPSec will negotiate a tunnel successfully. > > https://tools.ietf.org/html/rfc3947 <https://tools.ietf.org/html/rfc3947> No need to forward anything for client side.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5CBE8079.1000704>