userdoc:tt_ipsec_vpn_strongswan

Differences

This shows you the differences between two versions of the page.

userdoc:tt_ipsec_vpn_strongswan [2017/01/14 08:28]
droemel
userdoc:tt_ipsec_vpn_strongswan [2020/12/09 10:33]
abelbeck [IPsec VPN (strongSwan) Configuration]
Line 4: Line 4:
  
 The web interface Network tab, "IPsec Peers" and "IPsec Mobile" VPN Types are still supported using [[https://sourceforge.net/projects/ipsec-tools/|ipsec-tools (racoon)]], the "IPsec strongSwan" method is a more feature rich alternative to the other IPsec methods. The web interface Network tab, "IPsec Peers" and "IPsec Mobile" VPN Types are still supported using [[https://sourceforge.net/projects/ipsec-tools/|ipsec-tools (racoon)]], the "IPsec strongSwan" method is a more feature rich alternative to the other IPsec methods.
 +
 +!!Note:!!  The ipsec-tools (racoon) support in AstLinux is **deprecated**, and will be **removed** in the near future. The ipsec-tools project is now abandoned and its source has been lagging behind in adapting to new threats.
  
 Three key strongSwan features not found in ipsec-tools (racoon): Three key strongSwan features not found in ipsec-tools (racoon):
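
Review bot: The added note says racoon support will be removed "in the near future" without naming a release or date, and the unchanged sentence directly above it still reads "are still supported" and presents strongSwan only as an "alternative". Suggest stating the target release, and rewording the preceding sentence so that readers with existing IPsec Peers / IPsec Mobile tunnels are told to move to the strongSwan method. The statement that the ipsec-tools source "has been lagging behind in adapting to new threats" would also carry more weight with a reference.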
Line 13: Line 15:
 How does this apply within AstLinux ... How does this apply within AstLinux ...
  
-  * It is clear to the development team that we can't "switch" to strongSwan, at least for now, we need to understand strongSwan better, plus a point-and-click web interface like our current IPsec Peers / IPsec Mobile would limit strongSwan features.+  * point-and-click web interface like the deprecated IPsec Peers / IPsec Mobile would limit strongSwan features.
   * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1.   * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1.
   * strongSwan is needed to interoperate with [[https://en.avm.de/products/fritzbox/|AVM FRITZ!Box]]((Quality home routers/PBX, used by many ISPs. Good support from the vendor.)) routers, very common in Germany and other parts of Europe.   * strongSwan is needed to interoperate with [[https://en.avm.de/products/fritzbox/|AVM FRITZ!Box]]((Quality home routers/PBX, used by many ISPs. Good support from the vendor.)) routers, very common in Germany and other parts of Europe.
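
Review bot: The replacement first bullet is left as a sentence fragment: it starts lowercase with no article ("point-and-click web interface like the deprecated ...") where the other bullets are full sentences. Suggest "A point-and-click web interface like the deprecated IPsec Peers / IPsec Mobile would limit strongSwan features." Since the removed text was the only place that explained the team's position on switching, consider adding a clause that says what users should configure instead, now that the old types are called deprecated.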
Line 86: Line 88:
     keyingtries=%forever     keyingtries=%forever
  
-!!Note: ''auto=route'' seems to work better with reconnecting, when the other side is down for a while. +!!Note:!! ''auto=route'' seems to work better with reconnecting, when the other side is down for a while. 
 + 
 \\ \\
 **astlinux.example.tld: /etc/ipsec.secrets** **astlinux.example.tld: /etc/ipsec.secrets**
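
Review bot: The corrected note on ''auto=route'' still says only that it "seems to work better" without naming what it is compared against, and the ''auto='' line is not in this hunk's visible context, so a reader cannot tell from here which value the example actually sets. Suggest naming the alternative setting and the behaviour observed when the peer was down. The ''!!Note:!!'' markup fix itself is fine and matches the form used for the deprecation note added earlier in this change.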
  • userdoc/tt_ipsec_vpn_strongswan.txt
  • Last modified: 2021/03/02 08:11
  • by abelbeck