On Wed, 8 Apr 2020 13:36:18 -0700 Richard Doyle via Dng <dng@lists.dyne.org> wrote: > Good timing! WireGuard is in the kernel and version 1.0.0 has been > released. Devuan doesn't provide a package yet, but it is pretty easy > to build and install from source. I've been running it for months, > replacing OpenVPN Tunnels. WireGuard is much faster, and I found it > easier to configure and debug. > > As I understand it, FreeSwan is defunct. but OpenSwan is around. Can't > comment on it, as I haven't used IPSEC VPNs >
For server to server (the original question) OpenVPN is a doddle once you know how to set it up. Just a pain because of certificates, which is where most people struggle. Libreswan is the most advanced of the *swans encryption wise - their defaults encryption levels are pretty high with IPSEC v2 (don't use v1). Devs are pretty helpful too. Be interested to see their comments on encryption levels and security compared to wireguard. https://download.libreswan.org/binaries/README.debian Can't see a Devuan package available but it used to be fairly easy to build from source. You can use passwords (if you really have to), RSA Sigs or certificates. I've used it for years for site to site tunnels as it is pretty stable. Can't comment on performance as it has never been a major factor for me so never really tested it. I suspect encryption levels have a fairly large part to play in this, but I am no cryptographer. All IMHO :-) B. Rgds John
pgpSDH2f5dFZ_.pgp
Description: OpenPGP digital signature
_______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
