OpenVPN vs IPSec

Muenz, Michael m.muenz at spam-fetish.org
Sun Nov 19 18:39:31 UTC 2017


On 19.11.2017 at 15:30, Victor Sudakov wrote:
> Muenz, Michael wrote:
>> On 19.11.2017 at 13:08, Victor Sudakov wrote:
>>> Muenz, Michael wrote:
>>>>> Is there any reason to prefer IPSec over OpenVPN for building VPNs
>>>>> between FreeBSD hosts and routers (and others compatible with OpenVPN
>>>>> like pfSense, OpenWRT etc)?
>>>>>
>>>>> I can see only advantages of OpenVPN (a single UDP port, a single
>>>>> userland daemon, no kernel rebuild required, a standard PKI, an easy
>>>>> way to push settings and routes to remote clients, nice monitoring
>>>>> feature etc). But maybe there is some huge advantage of IPSec I've
>>>>> skipped?
>>>>>
>>>> Hi,
>>>>
>>>> partners/customers with Cisco IOS or ASA won't be able to partner up
>>>> without IPSEC.
>>> Sure, that's why I wrote "and others compatible with OpenVPN
>>> like pfSense, OpenWRT etc" in the first paragraph.
>>>
>> Are you just searching for arguments against IPSec or real life cases?
> Actually, I'm searching for arguments *for* IPSec.
>
>> IMHO when you have both ends under control OpenVPN is just fine.
>> If you are planning to interconnect with many customers/vendors IPSec
>> fits best.
> I have a personal success story of establishing transport mode IPSec
> between Windows and FreeBSD/racoon. But when other OSes are involved,
> I have the impression that there is no pure IPSec, it's usually
> IPSec+L2TP, and that's where the FreeBSD part becomes complicated
> (interaction between ipsec, mpd5 and racoon is required).

Victor, perhaps I misunderstood you. I was talking about Site2Site,
and only this.
I'm fully on your side that IPSec for Remote Access is horrible and I
also don't use it.

For RA we generally use OpenVPN or AnyConnect (*duck*).

Michael



More information about the freebsd-net mailing list