|
|
| (2 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| #IPsec solutions Racoon2 Libreswan Strongswan.
| |
|
| |
|
| '''1. Racoon2:'''
| |
| **Advantages:
| |
| - Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions.
| |
| - Native on FreeBSD.
| |
| - Simple configuration for point-to-point.
| |
|
| |
| **Disadvantages:
| |
| - Project not actively maintained, last update was in 2020.
| |
| - Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions.
| |
| - Apple clients can have difficulty connecting because of the limitations of pfkeyv2 interface to the linux kernel that racoon2 uses.
| |
| - Harder to configure for complex setups.
| |
|
| |
| '''2. Libreswan:'''
| |
| **Advantages:
| |
| - Actively maintained and stable on older hardware
| |
| - IRC community.
| |
| - Support NAT traversal, IKEv2 and enterprise VPN.
| |
|
| |
| **Disadvantages:
| |
| - Less native support on FreeBSD.
| |
| - heavier on ressource usage.
| |
| - might need kernel patches.
| |
|
| |
| '''3. Strongswan:'''
| |
| **Advantages:
| |
| - Modern and actively maintained.
| |
| - Full support for IKEv2, EAP, PKI and Mobike
| |
| - Well documented with community support.
| |
| - Native of FreeBSD and Linux.
| |
|
| |
| **Disadvantages:
| |
| - More complex to configure than racoon2 and libreswan.
| |
| - Slightly heavier on ressources
| |
|
| |
| #'''Summary:'''
| |
|
| |
| **Racoon2: easier to configure for basic setups but it is a deprecated project
| |
| **Libreswan: stable and maintained but less native on FreeBSD, might need kernel patches.
| |
| **Strongswan: Most modern solution with good documentation and community supports more protocols than the other solutions but might be more complex to configure and is heavier than others solutions
| |
