Differences

This shows you the differences between two versions of the page.

userdoc:tt_ipsec_vpn_strongswan [2017/01/14 08:29]
droemel
userdoc:tt_ipsec_vpn_strongswan [2020/12/09 10:35] (current)
abelbeck [IPsec VPN (strongSwan) Configuration]
Line 4: Line 4:
  
 The web interface Network tab, "IPsec Peers" and "IPsec Mobile"​ VPN Types are still supported using [[https://​sourceforge.net/​projects/​ipsec-tools/​|ipsec-tools (racoon)]], the "IPsec strongSwan"​ method is a more feature rich alternative to the other IPsec methods. The web interface Network tab, "IPsec Peers" and "IPsec Mobile"​ VPN Types are still supported using [[https://​sourceforge.net/​projects/​ipsec-tools/​|ipsec-tools (racoon)]], the "IPsec strongSwan"​ method is a more feature rich alternative to the other IPsec methods.
 +
 +!!Note:​!! ​ The ipsec-tools (racoon) support in AstLinux is **deprecated**,​ and will be **removed** in the near future. The ipsec-tools project is now abandoned and its source has been lagging behind in adapting to new threats.
  
 Three key strongSwan features not found in ipsec-tools (racoon): Three key strongSwan features not found in ipsec-tools (racoon):
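
Review bot: the added note says ipsec-tools (racoon) support will be removed "in the near future", which gives readers nothing to plan a migration against; name the target release or date if one is known. The unchanged paragraph directly above the note still says the "IPsec Peers" and "IPsec Mobile" types "are still supported", so consider rewording that sentence to point at the deprecation, otherwise the two statements read as conflicting.
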
Line 13: Line 15:
 How does this apply within AstLinux ... How does this apply within AstLinux ...
  
-  * It is clear to the development team that we can't "​switch"​ to strongSwan, at least for now, we need to understand strongSwan better, plus a point-and-click web interface like our current ​IPsec Peers / IPsec Mobile would limit strongSwan features.+  * point-and-click web interface like the deprecated ​IPsec Peers / IPsec Mobile would limit strongSwan features.
   * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1.   * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1.
   * strongSwan is needed to interoperate with [[https://​en.avm.de/​products/​fritzbox/​|AVM FRITZ!Box]]((Quality home routers/​PBX,​ used by many ISPs. Good support from the vendor.)) routers, very common in Germany and other parts of Europe.   * strongSwan is needed to interoperate with [[https://​en.avm.de/​products/​fritzbox/​|AVM FRITZ!Box]]((Quality home routers/​PBX,​ used by many ISPs. Good support from the vendor.)) routers, very common in Germany and other parts of Europe.
-  * Either racoon or strongSwan can run at a time, so users can continue to use IPsec Peers / IPsec Mobile or use a new text configuration with IPsec strongSwan, but not both. 
  
-At this point in time, the "IPsec strongSwan"​ method is implemented as a __text based configuration__ (only basic web interface support), so this should be considered for power-user situations.+At this point in time, the "IPsec strongSwan"​ method is implemented as a __text based configuration__ (only basic web interface support).
  
 !!Warning ->!! It should go without saying, never use the example pre-shared key values shown below, always use as long as practical, randomly generated shared keys. !!Warning ->!! It should go without saying, never use the example pre-shared key values shown below, always use as long as practical, randomly generated shared keys.
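
Review bot: the removed bullet "Either racoon or strongSwan can run at a time ... but not both" drops an operational constraint while the page still describes racoon as deprecated rather than removed; unless that constraint no longer holds, keep the bullet until racoon support is actually gone. The rewritten first bullet also now starts mid-sentence ("point-and-click web interface like the deprecated ..."); prefix it with "A" so it reads as a complete statement.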