Switch from strongSwan to Openswan/Libreswan?



  • Issue of L2TP/IPsec not working, seem to be from strongSwan. Why not switch to Openswan/Libreswan which seem to do work (at least under Ubuntu, nothing to do with FreeBSD): https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_with_Ubuntu_14.04.html )?

    Before saying IKEv2 works, L2TP/IPsec pretty much is supported in EVERY SINGLE OS while IKEv2 is supported in modern OSs and other must be installed as a third party application. Its hard work but it would pay off in the long run as a alternative to OpenVPN which suffers from the same thing (third party)

    Thank you


  • Rebel Alliance Developer Netgate

    IKEv2 is the answer. Nobody wants to work on L2TP/IPsec in strongSwan since it's dying off and has issues with NAT.

    The only current OS that doesn't have IKEv2 built in is Android. (Sure you have to install some libs for Linux to work but that's true of all VPN types)

    Most built-in clients are shit, I don't get people's obsessions with them. If it works well, it doesn't matter if it's built-in or third-party.



  • @jimp:

    IKEv2 is the answer. Nobody wants to work on L2TP/IPsec in strongSwan since it's dying off and has issues with NAT.

    Ironically the quoted website, raymil.org recommends exactly the same:

    No L2TP?
    The previous tutorials all used L2TP to set up the VPN tunnel and use IPSEC only for the encryption. With the IKEv2 protocol and recent operating systems (like OS X 10.8+, Android 4+, iOS 6+ and Windows 7+) supporting IKEv2 we can also use IPSEC to set up the tunnel, before we used IPSEC to do that.

    This VPN will therefore not work out of the box on older operating systems. See my other tutorials with L2TP on how to do that.


Log in to reply