OpenVPN vs IPSec

Eric Masson emss at
Sun Nov 19 13:38:10 UTC 2017

Victor Sudakov <vas at> writes:


> Because it's in the kernel? But many use (and recommend) StrongSwan
> which is a userland implementation.

Key exchange (IKE) is managed by a userland process, but, in FreeBSD,
the IPsec transform is kernel domain.

> IPsec in itself may be a standard, but IKE does not seem to be much of
> a standard, I get the impression that there's much incompatibility
> between vendors (Cisco, racoon etc).

In the early 2000s there were some glitches (mostly about non-standard auth
extensions added by Cisco, for example); nowadays most of the issues are
PEBKAC class and nothing that can't be solved.

Éric Masson

 Rm : (Launch ResEdit or Resorcerer ...)
 PC : That's all over, they write their stuff in Chinese binary
 recompiled into Martian.
 -+- PC in Guide du Macounet Pervers : ResEdit doesn't work anymore -+-

More information about the freebsd-net mailing list