replacement of security/ipsec-tools
Victor Sudakov
vas at sibptus.ru
Sat Jan 11 11:23:48 UTC 2020
Michael Grimm wrote:
[dd]
>
> Then this mail made my day:
>
> >> What do I need?
> >> #) a VPN tunnel between two hosts
> >> #) both local networks reachable from the remote host
> >
> > That is what kernel IPSec is for, you can even do it on static keys
> > without any ISAKMP daemon like racoon. See an example in if_ipsec(4).
>
> I did install my IPSEC/racoon tunnel many years ago and missed the recent implementation of if_ipsec completely.
>
> Victor, thank you very, very much for pointing me to this interface.
> Now, my tunnel is far less complicated to implement[1], and I will no
> longer need security/ipsec-tools at all!

You are welcome. But maybe one day you'll want to change your IPSec keys
more often than in a manual setup, then you'll return to some ISAKMP
implementation.

I've been trying out strongswan for the last 2-3 days and must admit
it's not that scary when you grasp the concept. But it is not without
its problems either, see my other post about it.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49 at fidonet http://vas.tomsk.ru/