Date: Sun, 19 Nov 2017 13:32:28 +0100
From: "Muenz, Michael" <m.muenz@spam-fetish.org>
To: freebsd-net@freebsd.org
Subject: Re: OpenVPN vs IPSec
Message-ID: <d92dff62-3baf-a22d-bfac-5a668b276259@spam-fetish.org>
In-Reply-To: <20171119120832.GA82727@admin.sibptus.transneft.ru>
References: <20171118165842.GA73810@admin.sibptus.transneft.ru> <b96b449e-3dc1-6e75-e803-e6d6abefe88e@spam-fetish.org> <20171119120832.GA82727@admin.sibptus.transneft.ru>

On 19.11.2017 at 13:08, Victor Sudakov wrote:
> Muenz, Michael wrote:
>>> Is there any reason to prefer IPSec over OpenVPN for building VPNs
>>> between FreeBSD hosts and routers (and others compatible with OpenVPN
>>> like pfSense, OpenWRT etc)?
>>>
>>> I can see only advantages of OpenVPN (a single UDP port, a single
>>> userland daemon, no kernel rebuild required, a standard PKI, an easy
>>> way to push settings and routes to remote clients, nice monitoring
>>> feature etc). But maybe there is some huge advantage of IPSec I've
>>> skipped?
>>>
>> Hi,
>>
>> partners/customers with Cisco IOS or ASA won't be able to partner up
>> without IPSEC.
> Sure, that's why I wrote "and others compatible with OpenVPN
> like pfSense, OpenWRT etc" in the first paragraph.
>

Are you just searching for arguments against IPSec or real life cases?
IMHO when you have both ends under control OpenVPN is just fine.
If you are planning to interconnect with many customers/vendors IPSec
fits best.
In the last 15 years I was never asked about a Site2Site VPN with
OpenVPN from any customer or partner of the firewalls I managed.

Michael