From: Mike Tancsa
To: Kövesdán Gábor
Cc: freebsd-questions@freebsd.org
Date: Thu, 16 Feb 2006 20:10:47 -0500
In-Reply-To: <43F4B5D2.6020303@t-hosting.hu>
Subject: Re: Setting up VPN+IPSec+Racoon

On Thu, 16 Feb 2006 18:26:42 +0100, in sentex.lists.freebsd.questions
you wrote:

>Hello,
>
>it is the first time I have to set up such configuration. Could you tell
>me some guidelines? What should I care about? I see there's a chapter in
>the Handbook about VPN. It mentions the FAST_IPSEC kernel option in
>5.X. Should I use this implementation or the KAME implementation? What
>are the differences, and what are the advantages, disadvantages of each?
>If you know some other good tutorial or howto, please let me know.
>

FAST_IPSEC allows for hardware crypto offloading (see man 4 crypto).
Even without it, the author claims it's faster than KAME. However, it's
important to note FAST_IPSEC cannot work with INET6 in the kernel.
Also, you want to use it mostly with RELENG_6 if possible.

Also, don't use racoon, better to use ipsec-tools. It's also in the
ports.

As for tutorials, google around and read through various posts. There
is lots of good info out there. Perhaps if you describe what you want
to do, people can make specific suggestions.

        ---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994 mike@sentex.net, (http://www.tancsa.com)
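
An added example, not part of the original message: a small sh script that checks a FreeBSD 5.x/6.x kernel configuration file for the FAST_IPSEC constraint the reply mentions (no INET6 in the same kernel). The checks for `device crypto` and for the KAME `options IPSEC` are taken from fast_ipsec(4) rather than from the post, and the function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a kernel config file for FAST_IPSEC build constraints.
# Assumption: a plain config file; "include" and "nooptions" lines are not followed.

# has_line FILE KEYWORD NAME: true if an uncommented "KEYWORD NAME[=value]" exists
has_line() {
    sed 's/#.*//' "$1" | awk -v kw="$2" -v name="$3" '
        $1 == kw { split($2, kv, "="); if (kv[1] == name) found = 1 }
        END { exit !found }'
}

# Prints one finding per line. Returns 0 = ok, 1 = problems, 2 = FAST_IPSEC absent.
check_fast_ipsec_conf() {
    conf=$1; bad=0
    if ! has_line "$conf" options FAST_IPSEC; then
        echo "FAST_IPSEC is not enabled"; return 2
    fi
    if has_line "$conf" options INET6; then
        echo "conflict: options INET6 (FAST_IPSEC cannot work with INET6)"; bad=1
    fi
    if has_line "$conf" options IPSEC; then
        echo "conflict: options IPSEC (KAME) alongside FAST_IPSEC"; bad=1
    fi
    if ! has_line "$conf" device crypto; then
        echo "missing: device crypto (see crypto(4))"; bad=1
    fi
    if [ "$bad" -eq 0 ]; then echo "ok"; fi
    return "$bad"
}

# Constructed sample: FAST_IPSEC added to a GENERIC-like config that still
# has INET6 enabled and has the crypto device commented out.
sample_conf() {
    cat <<'EOF'
ident       VPNGW
options     INET
options     INET6       # IPv6 communications protocols
options     FAST_IPSEC
#device     crypto
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_fast_ipsec_conf "$tmp" || true
rm -f "$tmp"
```

Run against a real config by calling `check_fast_ipsec_conf /usr/src/sys/i386/conf/MYKERNEL`, where the path is a placeholder for your own kernel config file.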