Openswan or racoon

If all you need is a tunnel between two machines you control, I'd recommend OpenVPN (http://openvpn.net/). Well documented, and no kernel stuff to mess with.

I use both Racoon for site-to-site tunneling and OpenVPN for road-warrior vpn (although I wouldn't discourage anyone from using OpenVPN for site-to-site either).

What particular problems are you concerned with? I don't know what you mean by "we face the same problem."

IPSec requires a set of kernel modules to be loaded or built in, but outside of that you don't really need to do anything to the kernel; it's just daemon configuration like any other server after that.

I'm afraid I haven't used Openswan, so I'm probably not very useful with that particular setup.

@CybrMatt:

I use both Racoon for site-to-site tunneling and OpenVPN for road-warrior vpn (although I wouldn't discourage anyone from using OpenVPN for site-to-site either).

I've been using OpenVPN for road-warrior's for a while and I have noticed that the TAP Adapter v9 (installed by OpenVPN on a Windows client) has a 10MB/s Interface.

I've also found that on a 1Gbps LAN it maxes out the this 10MB's VPN link and doesn't go above this when transfering data.

Has anyone found a way to increase this TAP interface size?

Cheers,

Rich.