Florin Andrei
2015-Apr-14 18:40 UTC
[CentOS] state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
On 2015-04-14 11:25, Gordon Messmer wrote:> On 04/14/2015 11:07 AM, Florin Andrei wrote: >> I looked in the yum repositories for CentOS 7 and I noticed that there >> are no packages for any of the major open source IPSec VPN apps - >> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan >> packages. > > libreswan replaced openswan, and is available in the CentOS 7 repo.I just noticed that strongSwan is in EPEL. I'm also looking at this comment on ServerFault: http://serverfault.com/a/655752/24406 If that is accurate, the documentation, and the clustering / load balancing might tilt the balance in the direction of strongSwan. -- Florin Andrei http://florin.myip.org/
Eero Volotinen
2015-Apr-14 18:44 UTC
[CentOS] state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>:> On 2015-04-14 11:25, Gordon Messmer wrote: > >> On 04/14/2015 11:07 AM, Florin Andrei wrote: >> >>> I looked in the yum repositories for CentOS 7 and I noticed that there >>> are no packages for any of the major open source IPSec VPN apps - >>> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan >>> packages. >>> >> >> libreswan replaced openswan, and is available in the CentOS 7 repo. >> > > I just noticed that strongSwan is in EPEL. > > I'm also looking at this comment on ServerFault: > > http://serverfault.com/a/655752/24406 > > If that is accurate, the documentation, and the clustering / load > balancing might tilt the balance in the direction of strongSwan. > >Well, both packages can do ipsec to cisco asa without any problems. -- Eero
Florin Andrei
2015-Apr-14 19:05 UTC
[CentOS] state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
On 2015-04-14 11:44, Eero Volotinen wrote:> 2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: >> >> http://serverfault.com/a/655752/24406 >> >> If that is accurate, the documentation, and the clustering / load >> balancing might tilt the balance in the direction of strongSwan. >> >> > Well, both packages can do ipsec to cisco asa without any problems.I have this one case where the other end of the connection wants to use some specific encryption parameters (specific versions of AES and SHA). I need to make sure that whatever software I use, is capable of providing that. Better documentation will certainly help. And of course, a more actively supported project, with a good security track record, is very important. All these are factors in choosing between Openswan / Libreswan / strongSwan. -- Florin Andrei http://florin.myip.org/
Reasonably Related Threads
- state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
- state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
- state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
- state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
- IPSec multiple VPN setups