From: Louis Kowolowski
Message-Id: <25566D0F-72DF-4EF1-8900-8DD611D03B33@cryptomonkeys.org>
Subject: Re: openvpn and system overhead
Date: Mon, 22 Apr 2019 10:58:56 -0500
To: Wojciech Puchar
Cc: Eugene Grosbein, freebsd-hackers@freebsd.org
List-Id: Technical Discussions relating to FreeBSD

On Apr 22, 2019, at 10:32 AM, Wojciech Puchar wrote:
>
>>> well it has to cooperate with multitude of clients like windoze,
>>> point&click routers etc. that's why openvpn.
>>
>> Windows has stock support for IPSec with and without L2TP and has no stock openvpn, so IPSec is more preferable.
>
> can IPSEC VPN work over nat? even freebsd-freebsd case.
>
> I cannot find any tutorial how to do this.

-ish
You must forward udp/4500 to the host and IPSec will negotiate a tunnel successfully.

https://tools.ietf.org/html/rfc3947

--
Louis Kowolowski louisk@cryptomonkeys.org
Cryptomonkeys: http://www.cryptomonkeys.com/

Making life more interesting for people since 1977
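
The reply cites RFC 3947 for how IPsec copes with NAT. As an added example (not part of the original message), this Python code computes the RFC's NAT-D hashes and runs the check that makes both peers move IKE to udp/4500; it goes beyond the message by showing the detection step itself. The cookies, addresses and function names are constructed for illustration.

```python
"""RFC 3947 NAT detection (NAT-D) check, run on constructed sample values."""
import hashlib
import ipaddress
import struct

NAT_T_PORT = 4500  # port the peers float to once a NAT is detected


def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 section 3.2: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKE cookies are 8 bytes each")
    packed = ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, cky_i + cky_r + packed).digest()


def detect_nat(cky_i, cky_r, nat_d, local, seen_src):
    """Evaluate the NAT-D payloads received from the peer.

    nat_d[0] hashes the address the peer sent to (it should be ours);
    nat_d[1:] hash the peer's own candidate source addresses.
    local is our (ip, port); seen_src is the packet's source (ip, port).
    """
    if len(nat_d) < 2:
        raise ValueError("need at least two NAT-D payloads")
    local_natted = nat_d[0] != nat_d_hash(cky_i, cky_r, *local)
    peer_natted = nat_d_hash(cky_i, cky_r, *seen_src) not in nat_d[1:]
    use_nat_t = local_natted or peer_natted
    return {
        "local_behind_nat": local_natted,
        "peer_behind_nat": peer_natted,
        "ike_port": NAT_T_PORT if use_nat_t else local[1],
    }


def demo():
    # Constructed values: documentation address ranges and made-up cookies.
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))
    responder = ("198.51.100.20", 500)
    initiator_private = ("192.168.1.10", 500)
    nat_public = ("203.0.113.7", 32001)  # source as rewritten by the NAT
    sent = [nat_d_hash(cky_i, cky_r, *responder),
            nat_d_hash(cky_i, cky_r, *initiator_private)]
    natted = detect_nat(cky_i, cky_r, sent, responder, nat_public)
    direct = detect_nat(cky_i, cky_r, sent, responder, initiator_private)
    return natted, direct
```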