GRE tunnel: Difference between revisions
From Nasqueron Agora
No edit summary |
|||
| (13 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==IPsec solutions == | ==IPsec solutions == | ||
===IPsec solutions: Racoon2, Libreswan and Strongswan.=== | |||
'''1. Racoon2:''' | '''1. Racoon2:''' | ||
;Advantages : | |||
* Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions. | |||
* Native on FreeBSD. | |||
* Simple configuration for point-to-point. | |||
;Disadvantages: | |||
* Project not actively maintained, last update was in 2020. | |||
* Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions. | |||
* Apple clients can have difficulty connecting because of the limitations of pfkeyv2 interface to the linux kernel that racoon2 uses. | |||
* Harder to configure for complex setups. | |||
'''2. Libreswan:''' | '''2. Libreswan:''' | ||
;Advantages: | |||
* Actively maintained and stable on older hardware | |||
* IRC community. | |||
* Support NAT traversal, IKEv2 and enterprise VPN. | |||
;Disadvantages: | |||
* Less native support on FreeBSD. | |||
* heavier on ressource usage. | |||
* might need kernel patches. | |||
'''3. Strongswan:''' | '''3. Strongswan:''' | ||
;Advantages: | |||
**Disadvantages: | * Actively maintained with an active community on IRC. | ||
* Full support for IKEv2, EAP, PKI and Mobike | |||
* Well documented with community support. | |||
* Native of FreeBSD and Linux. | |||
;Disadvantages: | |||
* More complex to configure than racoon2 and libreswan. | |||
* Slightly heavier on ressources | |||
#'''Summary:''' | #'''Summary:''' | ||
* | *'''Racoon2''': easier to configure for basic setups but it is a deprecated project | ||
* | *'''Libreswan''': stable and maintained but less native on FreeBSD, might need kernel patches. | ||
* | *'''Strongswan''': Most complete solution with good documentation and community supports, more protocols than other solutions but might be more complex to configure and is heavier than other solutions. | ||
'''NOTE''': Libreswan and Strongwan are both based on FreeS/WAN project, Libreswan is closer to it's origin whereas Strongwan is a full reimplementation with a focus on IKEv2 and strong authentification | |||
==== Official documentation ==== | |||
*[https://docs.strongswan.org/docs/latest/index.html/ StronSgwan doc] | |||
*[https://libreswan.org/man/ LibreSwan doc] | |||
*[https://github.com/zoulasc/racoon2/ Racoon2 doc] | |||
Linked to {{T|2202}} | |||
Latest revision as of 14:36, 9 February 2026
IPsec solutions
IPsec solutions: Racoon2, Libreswan and Strongswan.
1. Racoon2:
- Advantages
- Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions.
- Native on FreeBSD.
- Simple configuration for point-to-point.
- Disadvantages
- Project not actively maintained, last update was in 2020.
- Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions.
- Apple clients can have difficulty connecting because of the limitations of pfkeyv2 interface to the linux kernel that racoon2 uses.
- Harder to configure for complex setups.
2. Libreswan:
- Advantages
- Actively maintained and stable on older hardware
- IRC community.
- Support NAT traversal, IKEv2 and enterprise VPN.
- Disadvantages
- Less native support on FreeBSD.
- heavier on ressource usage.
- might need kernel patches.
3. Strongswan:
- Advantages
- Actively maintained with an active community on IRC.
- Full support for IKEv2, EAP, PKI and Mobike
- Well documented with community support.
- Native of FreeBSD and Linux.
- Disadvantages
- More complex to configure than racoon2 and libreswan.
- Slightly heavier on ressources
- Summary:
- Racoon2: easier to configure for basic setups but it is a deprecated project
- Libreswan: stable and maintained but less native on FreeBSD, might need kernel patches.
- Strongswan: Most complete solution with good documentation and community supports, more protocols than other solutions but might be more complex to configure and is heavier than other solutions.
NOTE: Libreswan and Strongwan are both based on FreeS/WAN project, Libreswan is closer to it's origin whereas Strongwan is a full reimplementation with a focus on IKEv2 and strong authentification
Official documentation
Linked to T2202
