Sven Ingebrigt Ulland wrote:
> We are about to deploy some fairly critical VPN functionality in our
> network, and for that purpose we're considering using OpenBSD with
> isakmp/ipsec. We've had a test setup running for some time now with
> no problems, but I'm interested in hearing about your long-term
> experiences with running openbsd ipsec/isakmpd in critical production
> environments. My excuses for the survey-ish feeling of this post.
>
> How long have you been running openbsd isakmpd/ipsec (in production)?

We have since changed how we're doing this, but we had a Cisco and OpenBSD VPN running for a few years.

> What problems, if any, have you had with the openbsd vpn
> implementations? Which of them are the most recurring? How do you
> usually fix them?

We had zero problems--with the exception of a couple rare MTU issues and, while probably not the ideal resolution, fixing the MTU on the affected hosts resolved these.

> Have you experienced any interoperability problems when establishing
> tunnels with peers that run other implementations (cisco, checkpoint,
> etc)? And if so, how do you work around those?

None--after finding the correct initial configuration everything "just worked" and continued to.