Date: Sat, 11 Jan 2020 18:23:45 +0700 From: Victor Sudakov <vas@sibptus.ru> To: Michael Grimm <trashcan@ellael.org> Cc: freebsd-questions@freebsd.org, FreeBSD <freebsd-net@freebsd.org> Subject: Re: replacement of security/ipsec-tools Message-ID: <20200111112345.GB62210@admin.sibptus.ru> In-Reply-To: <F8F2CB6D-FF7D-4EB0-A7F1-A0442A674FC0@ellael.org> References: <50378AC0-0A0A-4E33-961F-3D180987A8C1@ellael.org> <20200110035009.GB67842@admin.sibptus.ru> <F8F2CB6D-FF7D-4EB0-A7F1-A0442A674FC0@ellael.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--UHN/qo2QbUvPLonB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Michael Grimm wrote: [dd] >=20 > Then this mail made my day: >=20 > >> What do I need? > >> #) a VPN tunnel between two hosts > >> #) both local networks reachable from the remote host > >=20 > > That is what kernel IPSec is for, you can even do it on static keys > > without any ISAKMP daemon like racoon. See an example in if_ipsec(4). >=20 > I did install my IPSEC/racoon tunnel many years ago and missed the recent= implementation of if_ipsec completely.=20 >=20 > Victor, thank you very, very much for pointing me to this interface. > Now, my tunnel is far less complicated to implement[1], and I will no > longer need security/ipsec-tools at all!=20 You are welcome. But maybe one day you'll want to change your IPSec keys more often than in a manual setup, then you'll return to some ISAKMP implementation. I've been trying out strongswan for the last 2-3 days and must admit it's not that scary when you grasp the concept. But it is not without its problems either, see my another post about it. --=20 Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet http://vas.tomsk.ru/ --UHN/qo2QbUvPLonB Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJeGbBBAAoJEA2k8lmbXsY0de4IAJvjbwvFGUBYkg3Hx7Iy9Z6r AyF4FoYlQOBQtW5oYhq//cR05o3ThaQFvgVOMM3sIeqM5jfnaC+KRz9MYjY/kBLv 1LIQrVO+CcQIiZx8EZ5yEnNEGIOgFxzJSnJddvuyt2LOmzmUAwTnbrVLdjtcib5h sJiDQYLAQUKgleWW8svvHNd5crLzlKf8+z7FUicxk8e5khuRLiHwJeHhg8iZeUm/ bP1Jph7cSGMbMWC3vcRMflLzZDBsplIFPWoxBWygNtIPdqbvFgPKgNtNVwpcOwYP hknKFx79ifUVivh5jv50kQsdpzu4IEnRsOp0tvjaINwPgtMytGP5QnxOeLuH4O4= =3kzw -----END PGP SIGNATURE----- --UHN/qo2QbUvPLonB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200111112345.GB62210>