GRE tunnel: Difference between revisions
From Nasqueron Agora
No edit summary |
No edit summary |
||
| Line 9: | Line 9: | ||
* Simple configuration for point-to-point. | * Simple configuration for point-to-point. | ||
;Disadvantages: | |||
* Project not actively maintained, last update was in 2020. | * Project not actively maintained, last update was in 2020. | ||
* Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions. | * Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions. | ||
| Line 16: | Line 16: | ||
'''2. Libreswan:''' | '''2. Libreswan:''' | ||
;Advantages: | |||
* Actively maintained and stable on older hardware | * Actively maintained and stable on older hardware | ||
* IRC community. | * IRC community. | ||
* Support NAT traversal, IKEv2 and enterprise VPN. | * Support NAT traversal, IKEv2 and enterprise VPN. | ||
;Disadvantages: | |||
* Less native support on FreeBSD. | * Less native support on FreeBSD. | ||
* heavier on ressource usage. | * heavier on ressource usage. | ||
| Line 27: | Line 27: | ||
'''3. Strongswan:''' | '''3. Strongswan:''' | ||
;Advantages: | |||
* Modern and actively maintained. | * Modern and actively maintained. | ||
| Line 34: | Line 34: | ||
* Native of FreeBSD and Linux. | * Native of FreeBSD and Linux. | ||
;Disadvantages: | |||
* More complex to configure than racoon2 and libreswan. | * More complex to configure than racoon2 and libreswan. | ||
Revision as of 13:17, 9 February 2026
IPsec solutions
- IPsec solutions Racoon2 Libreswan Strongswan.
1. Racoon2:
- Advantages
- Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions.
- Native on FreeBSD.
- Simple configuration for point-to-point.
- Disadvantages
- Project not actively maintained, last update was in 2020.
- Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions.
- Apple clients can have difficulty connecting because of the limitations of pfkeyv2 interface to the linux kernel that racoon2 uses.
- Harder to configure for complex setups.
2. Libreswan:
- Advantages
- Actively maintained and stable on older hardware
- IRC community.
- Support NAT traversal, IKEv2 and enterprise VPN.
- Disadvantages
- Less native support on FreeBSD.
- heavier on ressource usage.
- might need kernel patches.
3. Strongswan:
- Advantages
- Modern and actively maintained.
- Full support for IKEv2, EAP, PKI and Mobike
- Well documented with community support.
- Native of FreeBSD and Linux.
- Disadvantages
- More complex to configure than racoon2 and libreswan.
- Slightly heavier on ressources
- Summary:
- Racoon2: easier to configure for basic setups but it is a deprecated project
- Libreswan: stable and maintained but less native on FreeBSD, might need kernel patches.
- Strongswan: Most modern solution with good documentation and community supports more protocols than the other solutions but might be more complex to configure and is heavier than others solutions
