Openswan or racoon

Has anyone installed Openswan for an IPsec tunnel? Everything seems to be confugred correctly but maybe there are some kernel issues. Is there something we have to do before installing Openswan?

We have also the option of using racoon, but we face the same problem.

Looking forward to hearing from you.

3 Replies

If all you need is a tunnel between two machines you control, I'd recommend OpenVPN (http://openvpn.net/). Well documented, and no kernel stuff to mess with.

I use both Racoon for site-to-site tunneling and OpenVPN for road-warrior vpn (although I wouldn't discourage anyone from using OpenVPN for site-to-site either).

What particular problems are you concerned with? I don't know what you mean by "we face the same problem."

IPSec requires a set of kernel modules to be loaded or built in, but outside of that you don't really need to do anything to the kernel; it's just daemon configuration like any other server after that.

I'm afraid I haven't used Openswan, so I'm probably not very useful with that particular setup.

@CybrMatt:

I use both Racoon for site-to-site tunneling and OpenVPN for road-warrior vpn (although I wouldn't discourage anyone from using OpenVPN for site-to-site either).

I've been using OpenVPN for road-warrior's for a while and I have noticed that the TAP Adapter v9 (installed by OpenVPN on a Windows client) has a 10MB/s Interface.

I've also found that on a 1Gbps LAN it maxes out the this 10MB's VPN link and doesn't go above this when transfering data.

Has anyone found a way to increase this TAP interface size?

Cheers,

Rich.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct