On 19.11.2017 at 15:30, Victor Sudakov wrote:
Muenz, Michael wrote:
On 19.11.2017 at 13:08, Victor Sudakov wrote:
Muenz, Michael wrote:
Is there any reason to prefer IPSec over OpenVPN for building VPNs
between FreeBSD hosts and routers (and others compatible with OpenVPN
like pfSense, OpenWRT etc)?
I can see only advantages of OpenVPN (a single UDP port, a single
userland daemon, no kernel rebuild required, a standard PKI, an easy
way to push settings and routes to remote clients, nice monitoring
feature etc). But maybe there is some huge advantage of IPSec I've
skipped?
Hi,
partners/customers with Cisco IOS or ASA won't be able to partner up
without IPSEC.
Sure, that's why I wrote "and others compatible with OpenVPN
like pfSense, OpenWRT etc" in the first paragraph.
Are you just searching for arguments against IPSec or real life cases?
Actually, I'm searching for arguments *for* IPSec.
IMHO when you have both ends under control OpenVPN is just fine.
If you are planning to interconnect with many customers/vendors IPSec
fits best.
I have a personal success story of establishing transport mode IPSec
between Windows and FreeBSD/racoon. But when other OSes are involved,
I have the impression that there is no pure IPSec, it's usually
IPSec+L2TP, and that's where the FreeBSD part becomes complicated
(interaction between ipsec, mpd5 and racoon is required).
Victor, perhaps I misunderstood you. I was talking about Site2Site,
and only this.
I'm fully on your side that IPSec for Remote Access is horrible and I
also don't use it.
For RA we generally use OpenVPN or AnyConnect (*duck*).
Michael
_______________________________________________
freebsd-net@freebsd.org mailing list