From owner-freebsd-ports@freebsd.org Thu Jan 2 22:06:59 2020 Return-Path: Delivered-To: freebsd-ports@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BD82A1DC18E; Thu, 2 Jan 2020 22:06:59 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from mx1.enfer-du-nord.net (mx1.enfer-du-nord.net [91.121.41.56]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47phw26g1zz41JJ; Thu, 2 Jan 2020 22:06:58 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from [IPv6:2003:fb:4f00:e601:65e7:5617:86ea:8f7b] (p200300FB4F00E60165E7561786EA8F7B.dip0.t-ipconnect.de [IPv6:2003:fb:4f00:e601:65e7:5617:86ea:8f7b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.enfer-du-nord.net (Postfix) with ESMTPSA id 47phvz4FPWztCD; Thu, 2 Jan 2020 23:06:55 +0100 (CET) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.102.1 at mail.enfer-du-nord.net From: Michael Grimm Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: replacement of security/ipsec-tools Message-Id: <50378AC0-0A0A-4E33-961F-3D180987A8C1@ellael.org> Date: Thu, 2 Jan 2020 23:06:53 +0100 To: freebsd-questions@freebsd.org, FreeBSD X-Mailer: Apple Mail (2.3445.104.11) X-Spam-Status: No, score=0.4 required=5.0 tests=BAYES_00,HELO_NO_DOMAIN, KHOP_HELO_FCRDNS,RDNS_DYNAMIC,SPF_NONE autolearn=no autolearn_force=no version=3.4.3 X-Spam-Checker-Version: SpamAssassin 3.4.3 (2019-12-06) on mail.mer-waases.lan X-Rspamd-Queue-Id: 47phw26g1zz41JJ X-Spamd-Bar: +++++ Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=none (mx1.freebsd.org: domain of trashcan@ellael.org has no SPF policy when checking 91.121.41.56) smtp.mailfrom=trashcan@ellael.org X-Spamd-Result: default: False [5.49 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[ellael.org]; AUTH_NA(1.00)[]; RBL_MAILSPIKE_WORST(2.00)[56.41.121.91.rep.mailspike.net : 127.0.0.10]; NEURAL_SPAM_MEDIUM(0.97)[0.968,0]; IP_SCORE(0.13)[ipnet: 91.121.0.0/16(-1.23), asn: 16276(1.89), country: FR(0.00)]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.99)[0.992,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:16276, ipnet:91.121.0.0/16, country:FR]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jan 2020 22:06:59 -0000 [X-posted, please chose the relevant ML for such a thread] Hi, I am running ipsec-tools to implement a VPN tunnel (esp) between two = hosts for years now. But this statement on http://ipsec-tools.sourceforge.net makes me think = about an alternative: The development of ipsec-tools has been ABANDONED.=20 ipsec-tools has security issues, and you should not use it. = Please switch to a secure alternative!=20 Could you provide me with links where I could find more details about = the above mentioned 'security issues'? I want to find out, if my = specific setup has security issues at all. Thanks. What would be a secure alternative if one is needed?=20 #) security/racoon2 #) security/strongswan #) something else? What do I need? #) a VPN tunnel between two hosts #) both local networks reachable from the remote host Thanks and regards, Michael