Date:      Wed, 9 Oct 2019 17:38:09 -0500
From:      Doug McIntyre <merlyn@geeks.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: help with setting up IPSEC in FreeBSD 12
Message-ID:  <20191009223809.GA7729@geeks.org>
In-Reply-To: <2bda93a7-2c21-c69e-cc11-00d2c78dea71@monkeybrains.net>
References:  <0b60ed6c-30c9-a12a-d608-58b828b44a9a@monkeybrains.net> <2bda93a7-2c21-c69e-cc11-00d2c78dea71@monkeybrains.net>

On Wed, Oct 09, 2019 at 12:29:38AM -0700, Rudy wrote:
> Now I need keys managed.  Do I still need to set up racoon?  It looks
> like a lot of configuration when I just want to simply set up encryption
> on a gif link from a FreeBSD box to a Mikrotik.  Is there an easier way
> to do this in FreeBSD 12?

Right, "the wonderful thing about standards is that there are so many to choose from."

You just set up a statically keyed IPsec tunnel.

Most of the rest of the world moved to dynamically ISAKMP keyed tunnels ages ago.

That is what racoon does: run the ISAKMP protocol for dynamically keyed tunnels.

Typically the only place statically keyed IPsec tunnels are done is on
Unix boxes without bothering to set up racoon, but nowhere else.

If you need to go to another type of device, typically one that bills
itself as a firewall or router, you are going to be doing ISAKMP
dynamically keyed tunnels with security associations set up.


