GRE tunnel: Difference between revisions
From Nasqueron Agora
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
'''1. Racoon2:''' | '''1. Racoon2:''' | ||
* | *'''Advantages:''' | ||
* Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions. | |||
* Native on FreeBSD. | |||
* Simple configuration for point-to-point. | |||
* | *'''Disadvantages:''' | ||
* Project not actively maintained, last update was in 2020. | |||
* Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions. | |||
* Apple clients can have difficulty connecting because of the limitations of pfkeyv2 interface to the linux kernel that racoon2 uses. | |||
* Harder to configure for complex setups. | |||
'''2. Libreswan:''' | '''2. Libreswan:''' | ||
**Advantages: | **Advantages: | ||
* Actively maintained and stable on older hardware | |||
* IRC community. | |||
* Support NAT traversal, IKEv2 and enterprise VPN. | |||
**Disadvantages: | **Disadvantages: | ||
* Less native support on FreeBSD. | |||
* heavier on ressource usage. | |||
* might need kernel patches. | |||
'''3. Strongswan:''' | '''3. Strongswan:''' | ||
* | *'''Advantages:''' | ||
* Modern and actively maintained. | |||
* Full support for IKEv2, EAP, PKI and Mobike | |||
* Well documented with community support. | |||
* Native of FreeBSD and Linux. | |||
*'''Disadvantages:''' | |||
* | * More complex to configure than racoon2 and libreswan. | ||
* Slightly heavier on ressources | |||
#'''Summary:''' | #'''Summary:''' | ||
Revision as of 13:13, 9 February 2026
IPsec solutions
- IPsec solutions Racoon2 Libreswan Strongswan.
1. Racoon2:
- Advantages:
- Lightweight and easy to use with minimal CPU/RAM usage, compared to other solutions.
- Native on FreeBSD.
- Simple configuration for point-to-point.
- Disadvantages:
- Project not actively maintained, last update was in 2020.
- Limited support for modern features (IKEv2, NAT traversal), configuration is possible but may be more complex than others solutions.
- Apple clients can have difficulty connecting because of the limitations of pfkeyv2 interface to the linux kernel that racoon2 uses.
- Harder to configure for complex setups.
2. Libreswan:
- Advantages:
- Actively maintained and stable on older hardware
- IRC community.
- Support NAT traversal, IKEv2 and enterprise VPN.
- Disadvantages:
- Less native support on FreeBSD.
- heavier on ressource usage.
- might need kernel patches.
3. Strongswan:
- Advantages:
- Modern and actively maintained.
- Full support for IKEv2, EAP, PKI and Mobike
- Well documented with community support.
- Native of FreeBSD and Linux.
- Disadvantages:
- More complex to configure than racoon2 and libreswan.
- Slightly heavier on ressources
- Summary:
- Racoon2: easier to configure for basic setups but it is a deprecated project
- Libreswan: stable and maintained but less native on FreeBSD, might need kernel patches.
- Strongswan: Most modern solution with good documentation and community supports more protocols than the other solutions but might be more complex to configure and is heavier than others solutions
