On Jul 28, 2006, at 2:17 PM, Randal L. Schwartz wrote:
"Jason" == Jason Dixon <[EMAIL PROTECTED]> writes:
Jason> Everything you need is in the base install. With the recent
changes to
Jason> ipsecctl and ipsec.conf, there's no need to consider
OpenVPN (except perhaps
Jason> on technical merits, which I believe it loses on).
Maybe not on "getting it set up", but there are definitely some
problems with
ipsec that make OpenVPN a winner for some circumstances, such as
NAT traversal
and hostile-to-v6 routers and ISPs.
Unless something has happened with ipsec/ipv6 in general recently
that I'm not
aware of. If so, please share.
Unless you're aware of some unpublished issues with OpenBSD's NAT-T
support, it should work fine for his scenario. Full NAT-T support
has been in for quite some time now (~3.6). Hakan, please feel free
to correct me if I'm mistaken.
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
