Setting up VPN+IPSec+Racoon
Mike Tancsa
mike at sentex.net
Thu Feb 16 17:10:40 PST 2006
On Thu, 16 Feb 2006 18:26:42 +0100, in sentex.lists.freebsd.questions
you wrote:
>Hello,
>
>it is the first time I have to set up such configuration. Could you tell
>me some guidelines? What should I care about? I see there's a chapter in
>the Handbook about VPN. It mentions the FAST_IPSEC kernel option in
> >5.X. Should I use this implemetation or the KAME implementation? What
>are the differencies, and what are the advantages, disadvantages of each?
>If you know some other good tutorial or howto, please let me know.
>
FAST_IPSEC allows for hardware crypto offloading (see man 4 crypto).
Even without it, the author claims its faster than KAME. However, its
important to note FAST_IPSEC cannot work with INET6 in the kernel.
Also, you want to use it mostly with RELENG_6 if possible. Also, dont
use racoon, better to use ipsec-tools. Its also in the ports.
As for tutorials, google around and read through various posts. There
is lots of good info out there. Perhaps if you describe what you want
to do, people can make specific suggestions.
---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
mike at sentex.net, (http://www.tancsa.com)
More information about the freebsd-questions
mailing list