On 2006/07/28 06:30, jeraklo wrote: > sorry. got to go with the stable branch (3.9).
ipsec.conf(5) was added for 3.8, and improved between then and -current. isakmpd.conf(5) is no longer present in -current, so it makes sense to use ipsec.conf(5) right away. > OK but do OpenVPN connections survive NAT ? Yes, there are some advantages over isakmp/ipsec:- simple end-user install on the Windows side compression works well you can bridge an ethernet to a remote Windows box (helps with some MS protocols) per-user authentication (rather than per-host) (some of these are handled by MS' l2tp(ppp)-ipsec hybrid but not by standard ipsec). disadvantages:- openvpn is more complicated to install on OpenBSD than ipsec lots of security fixes