userdoc:tt_ipsec_vpn_strongswan

Differences

This shows you the differences between two versions of the page.

userdoc:tt_ipsec_vpn_strongswan [2020/12/04 13:59]
abelbeck [IPsec VPN (strongSwan) Configuration]
userdoc:tt_ipsec_vpn_strongswan [2020/12/09 10:35]
abelbeck [IPsec VPN (strongSwan) Configuration]
Line 5: Line 5:
 The web interface Network tab, "IPsec Peers" and "IPsec Mobile" VPN Types are still supported using [[https://sourceforge.net/projects/ipsec-tools/|ipsec-tools (racoon)]], the "IPsec strongSwan" method is a more feature rich alternative to the other IPsec methods. The web interface Network tab, "IPsec Peers" and "IPsec Mobile" VPN Types are still supported using [[https://sourceforge.net/projects/ipsec-tools/|ipsec-tools (racoon)]], the "IPsec strongSwan" method is a more feature rich alternative to the other IPsec methods.
  
-!!Note: !!  The ipsec-tools (racoon) support in AstLinux is **deprecated**, and will be **removed** in the near future.+!!Note:!!  The ipsec-tools (racoon) support in AstLinux is **deprecated**, and will be **removed** in the near future. The ipsec-tools project is now abandoned and its source has been lagging behind in adapting to new threats.
  
 Three key strongSwan features not found in ipsec-tools (racoon): Three key strongSwan features not found in ipsec-tools (racoon):
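Review bot: The sentence added to the Note ("The ipsec-tools project is now abandoned and its source has been lagging behind in adapting to new threats.") gives the reason for the deprecation but no action for the reader, and the unchanged line above it still says the "IPsec Peers" and "IPsec Mobile" types "are still supported". Suggest closing the Note by pointing readers to the "IPsec strongSwan" method as the replacement, and rewording the context line so that "still supported" and "deprecated ... abandoned" do not read as conflicting. "lagging behind in adapting to new threats" is also vague; a link to the upstream project's status would let the reader verify it.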
Line 15: Line 15:
 How does this apply within AstLinux ... How does this apply within AstLinux ...
  
-  * It is clear to the development team that we can't "switch" to strongSwan, at least for now, we need to understand strongSwan better, plus a point-and-click web interface like our current IPsec Peers / IPsec Mobile would limit strongSwan features.+  * point-and-click web interface like the deprecated IPsec Peers / IPsec Mobile would limit strongSwan features.
   * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1.   * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1.
   * strongSwan is needed to interoperate with [[https://en.avm.de/products/fritzbox/|AVM FRITZ!Box]]((Quality home routers/PBX, used by many ISPs. Good support from the vendor.)) routers, very common in Germany and other parts of Europe.   * strongSwan is needed to interoperate with [[https://en.avm.de/products/fritzbox/|AVM FRITZ!Box]]((Quality home routers/PBX, used by many ISPs. Good support from the vendor.)) routers, very common in Germany and other parts of Europe.
-  * Either racoon or strongSwan can run at a time, so users can continue to use IPsec Peers / IPsec Mobile or use a new text configuration with IPsec strongSwan, but not both. 
  
-At this point in time, the "IPsec strongSwan" method is implemented as a __text based configuration__ (only basic web interface support), so this should be considered for power-user situations.+At this point in time, the "IPsec strongSwan" method is implemented as a __text based configuration__ (only basic web interface support).
  
 !!Warning ->!! It should go without saying, never use the example pre-shared key values shown below, always use as long as practical, randomly generated shared keys. !!Warning ->!! It should go without saying, never use the example pre-shared key values shown below, always use as long as practical, randomly generated shared keys.
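Review bot: The removed last bullet ("Either racoon or strongSwan can run at a time ... but not both") was the only statement of that mutual-exclusion constraint in this hunk, and the context line in the previous hunk still says the racoon-based types are supported, so a reader with an existing IPsec Peers / IPsec Mobile setup is no longer told the two cannot run together. Suggest keeping a shortened form of that bullet until racoon support is actually removed. Separately, the replacement first bullet is a lowercase fragment ("point-and-click web interface like the deprecated ..."); it needs a leading "A" to read as a sentence like the bullets that follow.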
  • userdoc/tt_ipsec_vpn_strongswan.txt
  • Last modified: 2021/03/02 08:11
  • by abelbeck