GRE tunnel: Difference between revisions
From Nasqueron Agora
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
'''1. Racoon2:''' | '''1. Racoon2:''' | ||
;Advantages: | ;Advantages : | ||
* Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions. | * Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions. | ||
* Native on FreeBSD. | * Native on FreeBSD. | ||
| Line 43: | Line 43: | ||
*'''Racoon2''': easier to configure for basic setups but it is a deprecated project | *'''Racoon2''': easier to configure for basic setups but it is a deprecated project | ||
*'''Libreswan''': stable and maintained but less native on FreeBSD, might need kernel patches. | *'''Libreswan''': stable and maintained but less native on FreeBSD, might need kernel patches. | ||
*'''Strongswan''': Most modern solution with good documentation and community supports more protocols than the other solutions but might be more complex to configure and is heavier than others solutions | *'''Strongswan''': Most modern solution with good documentation and community supports more protocols than the other solutions but might be more complex to configure and is heavier than others solutions. | ||
Linked to {{T|2202}} | |||
Revision as of 13:32, 9 February 2026
IPsec solutions
IPsec solutions: Racoon2, Libreswan and Strongswan.
1. Racoon2:
- Advantages
- Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions.
- Native on FreeBSD.
- Simple configuration for point-to-point.
- Disadvantages
- Project not actively maintained, last update was in 2020.
- Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions.
- Apple clients can have difficulty connecting because of the limitations of pfkeyv2 interface to the linux kernel that racoon2 uses.
- Harder to configure for complex setups.
2. Libreswan:
- Advantages
- Actively maintained and stable on older hardware
- IRC community.
- Support NAT traversal, IKEv2 and enterprise VPN.
- Disadvantages
- Less native support on FreeBSD.
- heavier on ressource usage.
- might need kernel patches.
3. Strongswan:
- Advantages
- Modern and actively maintained.
- Full support for IKEv2, EAP, PKI and Mobike
- Well documented with community support.
- Native of FreeBSD and Linux.
- Disadvantages
- More complex to configure than racoon2 and libreswan.
- Slightly heavier on ressources
- Summary:
- Racoon2: easier to configure for basic setups but it is a deprecated project
- Libreswan: stable and maintained but less native on FreeBSD, might need kernel patches.
- Strongswan: Most modern solution with good documentation and community supports more protocols than the other solutions but might be more complex to configure and is heavier than others solutions.
Linked to T2202
