![]() ![]() I can - today! - build a fully meshed IKEv2 VPN between Fortinet, SonicWALL, Cisco IOS, Cisco ASA, pfSense, and OPNsense. I am not keen to use some fancy "proprietary" (proprietary because the only implementation is pre-beta on Linux and even more pre-beta on FreeBSD) that has not seen extensive testing, non-existent multi-vendor implementations, missing a security review of the protocol (comparable with ssh1 vs ssh2), and missing a security review of the implementation of the protocol." IPsec IKEv2 hasn't been around as long (but still 10+ years), but is well-tested and has multiple interoperable implementations. IPsec IKEv1 has been around for 20+ years, and there are multiple interoperable and well-tested implementations. "I don't know about anyone else, but I'll stick with IPsec. I wrote this the last time it came up (with better wording this time)
0 Comments
Leave a Reply. |