we have kept it simple in that regard.. we use IPSEC tunnels from our linked sites to the Host for Hosted systems and L2TP client to the site for prem systems where they have remote teleworkers.. (the remote teleworker receives a MikroTik router) which connects to the site.. NAT issues aren't an issue on asterisk as long as we add the localnet for each of the tunnels..
I haven't yet tried wireguard.. I've been reading about it... I need to give it a whirl.

-Christopher

On Saturday, September 7, 2019, 10:01:44 AM EDT, Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:

> On Sep 7, 2019, at 3:25 AM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
>
> Hi Group
>
> In previous discussions I hinted on wanting to build a full telephony network
> with softswitch and with our significant growth in the last couple of months,
> I believe the time has come to kick it off.
> The problem is that although I have had zero issues with Wireguard and it's
> perfect for what I need, it's not classified as stable and I'm just concerned
> about using it in production (even though I already am!). OpenVPN is nice and
> stable but the failover time is just not as good and it's a dog to set up.
>
> So just wondering what other people think?
> I'm looking at 100+ sites terminating onto a Softswitch.
>
> Regards
> Michael Knill

As you know I'm a big fan of WireGuard, and in fact it is the only VPN I use anymore, but I will not suggest to make such an important design decision for your business, only my opinion.

Here is the current status on the various WireGuard repos:
https://www.wireguard.com/repositories/

The Linux kernel repo is noted as "Complete" (completes its goal mostly and is actively maintained).

From what I read [1], WireGuard would be in the mainline Linux Kernel by now if it weren't for the internal squabbling on how to organize a new "zinc" crypto library WireGuard uses which supersedes some older crypto libraries in the kernel. If not for that, the WireGuard tunnel part would have been in the Linux kernel (officially) for some time now. Hopefully the crypto squabbling will get resolved soon. Linus likes WireGuard.

WireGuard, OpenVPN and IPsec/NAT-Traversal all provide a VPN tunnel over UDP, but the simplicity and efficiency of WireGuard in the Linux kernel stands out over the others.

But, also keep in mind that AstLinux's seamless "WireGuard Reload" for adding/removing/updating peers is in Jason's repo [2], but has not yet been merged to WG's master (AstLinux includes it as a patch [3]) ... though this is only a tweak to the "wg" tool and not to the kernel module.

Lonnie

[1] https://lkml.org/lkml/2019/3/25/443
[2] https://git.zx2c4.com/WireGuard/commit/?h=jd/syncconf
[3] https://github.com/astlinux-project/astlinux/blob/master/package/wireguard/wireguard-0900-syncconf.patch

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.