by terrywang 3452 days ago
L2TP is quite old and itself does not provide encryption or confidentiality to traffic that passes through it. L2TP/IPsec encapsulates data twice at layer 2; it has pros and cons. See this -> https://www.bestvpn.com/blog/4147/pptp-vs-l2tp-vs-openvpn-vs...

IKEv{1,2} + IPsec (tunnel mode) is recommended. strongSwan is probably the best free, open source IPsec solution out there (much better than libreswan...), with very good documentation and examples etc., actively developed and maintained by a bunch of passionate guys who know their stuff.

Our company (pre-IPO startup) has been using strongSwan for 2+ years as a site-to-site solution from on-premises data centres to AWS VPC, and it has proved to be rock solid as long as it's properly configured ;-) The only drawback is that strongSwan currently does not have a mature HA solution, but it's shaping up (5.4.0 introduced IKEv2 redirect). Hopefully a proper HA solution will be built on top of that and later productized ;-)

BTW: I myself have been using strongSwan since 5.0.x for remote access, to protect privacy and fight censorship (yes, originally from mainland China where the GFW is in place, etc...). The native strongSwan client for Android is a killer ;-)

HTH