FreeBSD NAT-T patch integration

Andrew Snow andrew at modulus.org
Mon Jun 30 01:21:17 UTC 2008


I've just started moving a medium IPSEC+gif VPN to one based on OpenVPN.

OpenVPN solved all my problems with IPSEC:
* does not require kernel modules or recompiles
* works over UDP by default (and optionally TCP)
   + only requires a single IP port at each end
* supports compression out of the box
* supports bridging as well as tunneling

Despite that, I didn't have to give up features or performance:
* fast and secure enough (authentication, replay prevention)
* very easy to configure & manage via either CLI/config files
* supports both preshared keys and standard TLS+certs
* also works on Linux and Windows
* supports hardware acceleration via OpenSSL engines


FWIW, I will probably never go back to IPSEC after this.


- Andrew



More information about the freebsd-net mailing list