-1

A company I am working with is providing an IPSec VPN tunnel to their network for access to some of their systems.

To my understanding, IPSec tunnels are typically configured through firewalls. The firewalls I have aren't really capable of enough throughput/bandwidth. It's like 25 Mbps over IPSec.

What options exist?

  1. Self-hosted server that is separate from the firewalls? Could I use CentOS or Ubuntu to manage IPSec behind the firewall?
  2. Cloud service. Are there any good cloud services for setting up an IPSec tunnel and then interfacing with that tunnel? I was looking at Cloudflare but they don't seem to have what I need.
  3. Any other options?
GeekGeek4

1 Answer

0

IPsec tunnels aren't firewall-specific in any way; they are used just like any other VPN tunnel, more or less. You can use them from firewalls just like you can use them from routers or end hosts; it depends more on the exact purpose of the tunnel than the specific protocol.

Linux has several implementations of IKE (the usual IPsec handshake protocol) – strongSwan and Libreswan are the two that are most up-to-date.

(On the other hand, 'racoon' aka ipsec-tools is ancient. Don't use it regardless of how many tutorials suggest it.)

OpenBSD has 'iked' for IKEv2 and 'isakmpd' for IKEv1. Windows can connect to IKEv2 VPNs configured for "client" use (not site-to-site tunnels), and it has leftover IKEv1 support somewhere else. Many enterprise (-ish) routers also have IPsec support.

user1686
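
An added example, not part of the answer above and not taken from strongSwan's own documentation: a site-to-site configuration in strongSwan's swanctl.conf format for a Linux host sitting behind the existing firewall, which is the setup the question's first option asks about. The addresses, identities, subnets, pre-shared key and cipher proposals are constructed placeholders and assumptions; the real values come from the company providing the tunnel.

```conf
# /etc/swanctl/swanctl.conf  (strongSwan, swanctl syntax)
# Constructed example: every address, identity and secret is a placeholder.
connections {
    partner {
        version = 2                        # IKEv2 (assumption; use what the partner specifies)
        local_addrs = 10.0.0.5             # this host's private address behind the firewall
        remote_addrs = 198.51.100.1        # partner's VPN gateway (documentation range)
        encap = yes                        # force UDP encapsulation of ESP (NAT traversal)
        proposals = aes256-sha256-modp2048 # IKE proposal; must match the partner's side
        dpd_delay = 30s                    # probe the peer so a dead tunnel is noticed
        local {
            auth = psk
            id = 203.0.113.10              # identity agreed with the partner
        }
        remote {
            auth = psk
            id = 198.51.100.1
        }
        children {
            partner-net {
                local_ts = 10.0.0.0/24       # local subnet allowed into the tunnel
                remote_ts = 172.16.50.0/24   # partner subnet reachable through it
                esp_proposals = aes256gcm16-modp2048
                start_action = start         # bring the tunnel up when the config loads
                dpd_action = restart         # renegotiate if the peer stops answering
            }
        }
    }
}
secrets {
    ike-partner {
        id-local = 203.0.113.10
        id-remote = 198.51.100.1
        secret = "REPLACE-WITH-AGREED-PSK"
    }
}
```

Load it with `swanctl --load-all` and check the negotiated state with `swanctl --list-sas`. The firewall in front of the host has to pass UDP 500 and UDP 4500 to it, and keeping `local_ts`/`remote_ts` as narrow as the partner agreement allows limits what either side can reach through the tunnel.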