On Wed, 8 Apr 2020 13:36:18 -0700
Richard Doyle via Dng <dng@???> wrote:
> Good timing! WireGuard is in the kernel and version 1.0.0 has been
> released. Devuan doesn't provide a package yet, but it is pretty easy
> to build and install from source. I've been running it for months,
> replacing OpenVPN Tunnels. WireGuard is much faster, and I found it
> easier to configure and debug.
>
> As I understand it, FreeSwan is defunct. but OpenSwan is around. Can't
> comment on it, as I haven't used IPSEC VPNs
>
For server to server (the original question)
OpenVPN is a doddle once you know how to set it up. Just a pain
because of certificates, which is where most people struggle.
Libreswan is the most advanced of the *swans encryption wise - their
defaults encryption levels are pretty high with IPSEC v2 (don't use v1).
Devs are pretty helpful too. Be interested to see their comments on
encryption levels and security compared to wireguard.
https://download.libreswan.org/binaries/README.debian
Can't see a Devuan package available but it used to be fairly easy to
build from source.
You can use passwords (if you really have to), RSA Sigs or certificates.
I've used it for years for site to site tunnels as it is pretty stable.
Can't comment on performance as it has never been a major factor for me
so never really tested it. I suspect encryption levels have a fairly
large part to play in this, but I am no cryptographer.
All IMHO :-)
B. Rgds
John