IPSEC tunnels

Dewayne Geraghty dewaynegeraghty at gmail.com
Fri Apr 8 07:43:17 UTC 2016


Yes, I've used it in production for 10 years, using fixed passwords between
8 branch sites, a HQ, and a contingency location.  I've also
used strongSwan (IKEv2) and certificates, but it was non-trivial.  All
firewalls were NATed; if you need to filter traffic you'll need to do so
via enc0 (as I recall).

Sorry, no examples; generally I found it less trouble to filter the interior
side of the few, and/or define the ports that you're allowing, though that
starts to get messy.
Regards, Dewayne
PS: and for the paranoid, yes, the password was changed via time-sync'ed ssh :)

On Friday, 8 April 2016, Wojciech Puchar <wojtek at puchar.net> wrote:

> Does anyone use this in production? How about performance? OpenVPN
> performance is poor due to system call/context switch on every packet.
>
> I found lots of examples of how to configure it, but none where one side is
> over NAT. Can it be configured that way? Any examples?




More information about the freebsd-hackers mailing list