[pfSense-discussion] pfsense IPSEC support

[Harald Jenny]

Dear developers,

first I wanted to say thank you for this nice piece of software, I think it can 
keep up with most commercial appliances, the only thing that makes me a little 
bit sad is the IPSEC support. Not really being a great BSD-crack it seems to me 
that the FreeBSD port of isakmpd (combined with a port of sasyncd) would 
improve pfsense's IPSEC capabilities vastly compared to racoon. Maybe you could 
comment on this issue and what it would take to improve IPSEC within pfsense.

Kind regards
Harald Jenny

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense-discussion] pfsense IPSEC support

[Jim Pingle]

Harald Jenny wrote:
> first I wanted to say thank you for this nice piece of software, I think it 
> can keep up with most commercial appliances, the only thing that makes me a 
> little bit sad is the IPSEC support. Not really being a great BSD-crack it 
> seems to me that the FreeBSD port of isakmpd (combined with a port of 
> sasyncd) would improve pfsense's IPSEC capabilities vastly compared to 
> racoon. Maybe you could comment on this issue and what it would take to 
> improve IPSEC within pfsense.

Perhaps it might help to know what you believe the deficiencies in IPsec
on pfSense are? And what the other implementation offers any better
support or functionality?

The implementation used on pfSense is capable of a lot more, but many
options are not covered by the GUI in 1.2.x. The GUI in 2.0 for IPsec is
greatly improved, but still has a few quirks (it is still alpha-alpha,
after all)

Jim

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org