The state of IPSec in Debian

To: debian-user@lists.debian.org
Subject: The state of IPSec in Debian
From: Ralph Aichinger <ra@pi.h5.or.at>
Date: Thu, 24 Oct 2019 16:27:10 +0200
Message-id: <[🔎] 20191024142710.GA27521@pi.h5.or.at>

Hi!

I am not a completely unexperienced user of Debian, but sometimes
certain subsystems and choices still puzzle me. Right now this
is IPSec.

There used to be several implementations, but am I right that
the only sensible one right now is Strongswan?

https://wiki.debian.org/IPsec

goes on about the "experimental" Linux 2.5 series and "now that Sarge
is released", i.e. is woefully out of date, so much that I would call
it confusing.

Is there some more recent documentation on setting up an ipsec
tunnel on Debian in 2019 (and not in 2009 ;) or should I just go
by the StrongSwan docs, e.g.

https://www.strongswan.org/testing/testresults/swanctl/net2net-psk/

?

Strongswan seems to have two configuration systems, the 
"deprecated" stroke plugin with ipsec.conf and the
"preferred" vici plugin with "swanctl.conf". Should I 
use the "deprecated" stuff with Debian nevertheless?

Or am I completely wrong and should I use some other implementation?

TIA
/ralph
-- 
-----------------------------------------------------------------------------
                                                              https://aisg.at
                                                   ausserirdische sind gesund

Reply to:

Follow-Ups:
- Re: The state of IPSec in Debian
  - From: debian@jherrero.org

Prev by Date: What every programmer should know about memory, in 2019?
Next by Date: Firefox Seems to Have a Mind of It's Own
Previous by thread: Re: What every programmer should know about memory, in 2019?
Next by thread: Re: The state of IPSec in Debian
Index(es):
- Date
- Thread