On Sat, Dec 05, 2009 at 06:52:47PM -0500, Jim Pingle wrote:
> Harald Jenny wrote:
> > first I wanted to say thank you for this nice piece of software, I think it
> > can keep up with most commercial appliances, the only thing that makes me a
> > little bit sad is the IPSEC support. Not really being a great BSD-crack it
> > seems to me that the FreeBSD port of isakmpd (combined with a port of
> > sasyncd) would improve pfsense's IPSEC capabilities vastly compared to
> > racoon. Maybe you could comment on this issue and what it would take to
> > improve IPSEC within pfsense.
>
> Perhaps it might help to know what you believe the deficiencies in IPsec
> on pfSense are?

First I want to say sorry, this was not meant to insult anybody, as I think you
do good work, but I thought that there is always room for improvement,
especially for so-called enterprise-grade features.

> And what the other implementation offers any better
> support or functionality?

Well, isakmpd under OpenBSD as well as strongswan and openswan under Linux offer
support for CRLs, but maybe I just missed this in pfsense - and with sasyncd in
combination with isakmpd, IPSEC tunnel states can be replicated as well,
allowing for seamless VPN failover.

>
> The implementation used on pfSense is capable of a lot more, but many
> options are not covered by the GUI in 1.2.x.

I see.

> The GUI in 2.0 for IPsec is
> greatly improved, but still has a few quirks (it is still alpha-alpha,
> after all)

OK, maybe I should investigate this further before requesting a new IKE-Daemon.

>
> Jim

Kind regards
Harald

> ---------------------------------------------------------------------
> To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
> For additional commands, e-mail: discussion-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org