Date:      Sun, 19 Nov 2017 17:04:54 +0100
From:      Eric Masson <emss@free.fr>
To:        Victor Sudakov <vas@mpeks.tomsk.su>
Cc:        freebsd-net@freebsd.org, Jim Thompson <jim@netgate.com>, "Muenz\, Michael" <m.muenz@spam-fetish.org>
Subject:   Re: OpenVPN vs IPSec
Message-ID:  <86k1ymtftl.fsf@newsrv.interne.associated-bears.org>
In-Reply-To: <20171119145116.GE82727@admin.sibptus.transneft.ru> (Victor Sudakov's message of "Sun, 19 Nov 2017 21:51:16 +0700")
References:  <20171118165842.GA73810@admin.sibptus.transneft.ru> <b96b449e-3dc1-6e75-e803-e6d6abefe88e@spam-fetish.org> <20171119120832.GA82727@admin.sibptus.transneft.ru> <86o9nytmma.fsf@newsrv.interne.associated-bears.org> <20171119145116.GE82727@admin.sibptus.transneft.ru>

Victor Sudakov <vas@mpeks.tomsk.su> writes:

Hi,

> That is, if you use kernel IPsec. But StrongSwan is completely
> userland AFAIK.

Nope, StrongSwan provides a userland ipsec stack but clearly states it's
not intended to be used on security gateways. Its typical use case is
when the kernel stack misses a required algorithm.

> And the kernel IPsec implementation has had problems with NAT
> traversal. Does it still have problems and require extra patches for NAT
> traversal?

Seems to me no patch has been required for a long time. ipsec is even
now enabled in GENERIC and has no performance impact when not used
(thanks to bz@).

> Maybe I'm indeed the faulty layer between keyboard and chair, but
> FreeBSD+IPsec+L2TP is still beyond me. Pure IPsec is fine more or
> less with me.

ipsec works fine, L2TP/ipsec is somewhat more convoluted. racoon needs 2
patches from what I've read here:
https://forums.freebsd.org/threads/26755/

As I've now switched my gateways to LEDE/OpenWRT, I no longer toy with
this kind of setup on FreeBSD.

-- 
 L*n*x users are by definition newbies, because we were already
 drinking Guinness around BSD stuff while the penguin business wasn't
 even a lustful gleam in Linus T.'s eye.
 -+- FYlG in <http://www.le-gnu.net>; : Quack quack the penguins -+-