[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The state of IPSec in Debian

Ralph Aichinger wrote: 
> On Thu, Oct 24, 2019 at 05:32:51PM +0200, debian@jherrero.org wrote:
> > El jue, 24-10-2019 a las 16:27 +0200, Ralph Aichinger escribió:
> > > Or am I completely wrong and should I use some other implementation?
> > 
> > from
> > 
> > https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#noteworthy-obsolete-packages
> > | Users are encouraged to migrate to libreswan, which has broader
> > | protocol compatibility and is being actively maintained upstream.
> Thanks!
> This could be interpreted as: Who uses these obsoleted packages
> is best served with libreswan, but does this also hold for new 
> installations starting from scratch with buster?
> I have e.g. looked at popcon stats and unless I am missing something
> StrongSwan is much more popular than LibreSwan. Or did I overlook
> something?
> LibreSwan has some RedHat backing(?), is there some kind of pull
> towards LibreSwan from StrongSwan?

StrongSwan used to be the best supported, but LibreSwan is now.
Things change.

If you need solid VPN support and control all the endpoints,
Wireguard may be an even better choice -- if for no other reason
than debugging is much, much simpler. IPsec would be great if
it weren't for the need to debug connections...


Reply to: