On Wed, 10 Dec 2025, Sad Clouds wrote:
On Wed, 10 Dec 2025 10:34:22 +0000 (GMT)
Stephen Borrill <[email protected]> wrote:
I successfully used what was only in base to create an IPsec tunnel to
Azure not that long ago.
--
Stephen
Thanks. I assume you used racoon(8) and IKEv1 and as long as it works
reliably over long periods of time.
That's right. It was very reliable as I used it to run an Active Directory
Domain Controller in Azure linked to a couple running locally.
Looking at IKEv2 features like: EAP
authentication, builtin NAT traversal, MOBIKE support, better security,
etc, I don't think I currently need any of those for my use cases.
I was pleasantly surprised that Azure supported IKEv1. I didn't
require NAT traversal given I have a plentiful supply of IPv4, but if I
had it would have been more work.
Someone suggested trying WireGuard and the new wg(4) driver in
NetBSD-10. I will probably setup both and compare their performance
when used with NFSv3 traffic on a LAN.
It would be interesting to know. Might also be interesting to compare to
OpenVPN.
--
Stephen
