| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
userdoc:tt_ipsec_vpn_strongswan [2021/02/26 08:23]
abelbeck [IPsec VPN (strongSwan) Configuration] |
userdoc:tt_ipsec_vpn_strongswan [2021/03/02 08:11] (current)
abelbeck [IPsec VPN (strongSwan) Configuration] |
| AstLinux now supports the [[https://www.strongswan.org/|strongSwan]] package, an OpenSource IPsec-based VPN solution. | AstLinux now supports the [[https://www.strongswan.org/|strongSwan]] package, an OpenSource IPsec-based VPN solution. |
| |
| !!Note:!! The ipsec-tools (racoon) support in AstLinux has been **removed** in !!AstLinux 1.4.2!!. The [[https://sourceforge.net/projects/ipsec-tools/|ipsec-tools (racoon)]] is now abandoned and its source has been lagging behind in adapting to new threats. | !!Note:!! The ipsec-tools (racoon) support in AstLinux has been **removed** in !!AstLinux 1.4.2!!. The [[https://sourceforge.net/projects/ipsec-tools/|ipsec-tools (racoon)]] project is now abandoned and its source has been lagging behind in adapting to new threats. |
| |
| The web interface Network tab, "IPsec Peers" and "IPsec Mobile" VPN Types that used ipsec-tools (racoon) has been **removed** in !!AstLinux 1.4.2!!., the "IPsec strongSwan" method is a more feature rich alternative to the other IPsec methods. | The web interface Network tab, "IPsec Peers" and "IPsec Mobile" VPN Types that used ipsec-tools (racoon) has been **removed** in !!AstLinux 1.4.2!!., the "IPsec strongSwan" method is a more feature rich alternative to the other IPsec methods. |
| How does this apply within AstLinux ... | How does this apply within AstLinux ... |
| |
| * A point-and-click web interface like the deprecated IPsec Peers / IPsec Mobile would limit strongSwan features. | * A point-and-click web interface like the removed IPsec Peers / IPsec Mobile would limit strongSwan features. |
| * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1. | * strongSwan is needed to support endpoints with changing IP's and dynamic DNS names using IKEv2 MOBIKE, racoon only supports IKEv1. |
| * strongSwan is needed to interoperate with [[https://en.avm.de/products/fritzbox/|AVM FRITZ!Box]]((Quality home routers/PBX, used by many ISPs. Good support from the vendor.)) routers, very common in Germany and other parts of Europe. | * strongSwan is needed to interoperate with [[https://en.avm.de/products/fritzbox/|AVM FRITZ!Box]]((Quality home routers/PBX, used by many ISPs. Good support from the vendor.)) routers, very common in Germany and other parts of Europe. |