Hi, On Mon, 21.08.2006 at 15:43:14 +0200, Sven Ingebrigt Ulland <[EMAIL PROTECTED]> wrote: > How long have you been running openbsd isakmpd/ipsec (in production)?
I think I run this stuff since around 2000, or 2001 at the latest. > What problems, if any, have you had with the openbsd vpn > implementations? Which of them are the most recurring? How do you > usually fix them? There were some compatibility issues in earlier releases which were fixed quite fast (MANY thanks!). We had a few cases where isakmpd went down, but decided early to fix these by using process supervisors (also years ago, I don't know if these problems are still there). We use almost all "easy" features isakmpd has. Otherwise, I can't remember a problem. > Have you experienced any interoperability problems when establishing > tunnels with peers that run other implementations (cisco, checkpoint, > etc)? And if so, how do you work around those? My experience is that most other devices I encountered so far are much less flexible and powerful than is OpenBSD. So, interoperating often means finding out what the other side can't, and then take the best out of what remains. I can only say that OpenBSD is very much recommended for serious IPSEC usage. Best, --Toni++
