Difference between if_ipsec, if_gif, and if_tun

Hello all,

Background: I have been working on creating an IPsec protected tunnel between two machines that are both NATed. I am using StrongSWAN, and I have the SAs working with certificates. (yay!)

Now the question is about setting up virtual interfaces between the machines (one running FreeBSD 13.1 and one running Linux (AWS AMI)). I am not particularly asking about the Linux configuration (but if anyone wants to contribute knowledge of StrongSWAN on AWS Linux, fire away). What I can't select is which tunneling interface to select on FreeBSD.

I've read the man pages, done the DuckDuckGo and then Google searches - and honestly, the documentation here is not particularly enlightening. I could go read the code, but really? (Been there, done that - doesn't seem like I should have to in this case.)

So what are the nuances and differences between the interface types: ipsec, gif, and tun? I'm not even including all of the possibilities either. I would be happy to contribute a table to the FreeBSD docs if it would be meaningful in the long haul.

Thoughts? Opinions? Help?

Thanks,
Chris