18.11.2017 23:58, Victor Sudakov wrote:

> Is there any reason to prefer IPSec over OpenVPN for building VPNs
> between FreeBSD hosts and routers (and others compatible with OpenVPN
> like pfSense, OpenWRT etc)?
>
> I can see only advantages of OpenVPN (a single UDP port, a single
> userland daemon, no kernel rebuild required, a standard PKI, an easy
> way to push settings and routes to remote clients, nice monitoring
> feature etc). But maybe there is some huge advantage of IPSec I've
> skipped?

OpenVPN may be fine for very simple setups. It is unusable for demanding cases like parallel site-to-site VPN tunnels with dynamic routing for the same network prefix between such primary/backup tunnels; for other setups that need a distinct full-blown network interface for each tunnel to process with an SNMP agent/routing daemon/packet filters etc., because distinct OpenVPN instances cannot share routing correctly in between.

In short, OpenVPN just is not designed to play in a nice and standard-compliant way with other parts of the system, and sometimes that's unacceptable. And sometimes that's irrelevant.

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"