[Shorewall-users] Vpn Ipsec nat

Nicola Murino n.murino at itia.cnr.it
Tue Mar 23 09:38:59 PST 2004


Thanks,

I'll try openvpn

Nicola

 >
 > I can second that. Busted my chops with ipsec on and off for a few months
 > with no success, then after switching to openvpn, I had it configured and
 > running in no time.
 >
I second the notion that OpenVPN is a better solution for Linux<->Linux
VPN. Furthermore, the 2.6 Kernel's implementation of IPSEC is currently
broken with respect to Netfilter/iptables. Even when the implementation
is fixed, it will still be awkward to firewall IPSEC because of the
elimination of the 'ipsecN' devices.
So unless there is a need for IPSEC for compatibility, I would avoid it.
-Tom
-- 
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net


