Date: Fri, 10 Jan 2020 10:50:09 +0700
From: Victor Sudakov <vas@sibptus.ru>
To: freebsd-questions@freebsd.org
Subject: Re: replacement of security/ipsec-tools
Message-ID: <20200110035009.GB67842@admin.sibptus.ru>
In-Reply-To: <50378AC0-0A0A-4E33-961F-3D180987A8C1@ellael.org>
References: <50378AC0-0A0A-4E33-961F-3D180987A8C1@ellael.org>

Michael Grimm wrote:
> [X-posted, please choose the relevant ML for such a thread]
>
> Hi,
>
> I am running ipsec-tools to implement a VPN tunnel (esp) between two hosts for years now.
>
> But this statement on http://ipsec-tools.sourceforge.net makes me think about an alternative:
> The development of ipsec-tools has been ABANDONED.
> ipsec-tools has security issues, and you should not use it. Please switch to a secure alternative!
>
> Could you provide me with links where I could find more details about the above mentioned 'security issues'? I want to find out, if my specific setup has security issues at all. Thanks.
>
> What would be a secure alternative if one is needed?
> #) security/racoon2
> #) security/strongswan
> #) something else?

There was also security/isakmpd but it is marked as BROKEN now.

I've been told that strongswan works on FreeBSD. I've tried installing
strongswan, but it looks too complex and tricky in comparison with
racoon. If you ever find good documentation/howto for strongswan on
FreeBSD, please share with me.

>
> What do I need?
> #) a VPN tunnel between two hosts
> #) both local networks reachable from the remote host

That is what kernel IPSec is for, you can even do it on static keys
without any ISAKMP daemon like racoon. See an example in if_ipsec(4).

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/