OpenVPN vs IPSec
Victor Sudakov
vas at mpeks.tomsk.su
Sun Nov 19 15:20:01 UTC 2017
Eugene Grosbein wrote:
>
> > And the kernel IPsec implementation has had problems with NAT
> > traveral. Does it stil have problems and requre extra patches for NAT
> > traveral?
>
> No, it has not after IPSec code overhaul in times of 11.0-STABLE.
> NAT traversal works out-of-box these days not requiring extra patches.
Glad to hear that. Also, in 11.x no kernel recompilation is needed to
enable IPSec.
So maybe when I eventually migrate all my hosts to the 11th branch, it
will be time for me to give IPSec a second chance, with all that nice
if_ipsec stuff.
>
> It needs "nat_traversal on" in the racoon.conf, though.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
More information about the freebsd-net
mailing list