Date: Fri, 8 Apr 2016 17:43:14 +1000
From: Dewayne Geraghty <dewaynegeraghty@gmail.com>
To: Wojciech Puchar <wojtek@puchar.net>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: IPSEC tunnels
Message-ID: <CAGnMC6qfEqASVnSr0hRHsrjz4e%2B6B1UzNGsr%2BLD78DO3PsV1Zw@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.20.1604080749020.4250@laptop.wojtek.intra>
References: <alpine.BSF.2.20.1604080749020.4250@laptop.wojtek.intra>

Yes, I've used it in production for 10 years, using fixed passwords between 8 branch sites, a HQ, and a contingency location. I've also used strongswan (ikev2) and certificates, but it was non-trivial.

All firewalls were NATed; if you need to filter traffic you'll need to do so via enc0 (as I recall). Sorry, no examples; generally I found it less trouble to filter the interior side of the few, and/or define the ports that you're allowing, though that starts to get messy.

Regards
Dewayne

PS and for the paranoid, yes the password was changed via time-sync'ed ssh :)

On Friday, 8 April 2016, Wojciech Puchar <wojtek@puchar.net> wrote:

> Does anyone use this in production? How about performance? OpenVPN
> performance is poor due to system call/context switch on every packet.
>
> I found lots of examples how to configure it, but none where one side is
> over NAT. Can it be configured that way? Any examples?
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>

--
*Disclaimer:*
*As implied by email protocols, the information in this message is not confidential. Any intermediary or recipient may inspect, modify (add), copy, forward, reply to, delete, or filter email for any purpose unless said parties are otherwise obligated. Nothing in this message may be legally binding without cryptographic evidence of its integrity and/or confidentiality.*