Topic: IPSEC - Differences between new and legacy mode (Read 1318 times)
smema79 (Newbie, Posts: 29, Karma: 0)
IPSEC - Differences between new and legacy mode
« on: June 01, 2023, 12:17:08 pm »
Hello everyone.
I have read the docs on the portal regarding the IPsec section and I have some questions about it.
I would like to thank from the outset those who will take the time to give me answers.
1) I understand that the new modality was implemented to improve the usability of the IPsec system, relegating the old one under "Tunnel Settings" (former legacy mode). For those who have VPNs configured in Legacy mode, will they then have to be migrated to the new version in the near future?
2) The new version seems to me to be missing the lifetime values that are usually indicated for SA and IKE. Correct?
3) Can the two modes co-exist with each other?
4) Since this is an OPN decision, will there then be some function that will allow the conversion of legacy tunnels to the new mode?
Thanks again
franco (Administrator, Hero Member, Posts: 17660, Karma: 1611)
Re: IPSEC - Differences between new and legacy mode
« Reply #1 on: June 01, 2023, 01:11:40 pm »
Hi,
1.) Eventually the tunnel configuration will disappear. Migration was discussed but -- historically this section was for racoon IPsec which was also supported by StrongSwan but now deprecated and the new MVC connections offer the swanctl.conf Syntax and a more straight-forward approach to IPsec -- in the end it's unlikely that an automatic migration will take place perhaps leading up to OPNsense 24.1 removing the legacy IPsec tunnel configuration so everything needs to be moved over at the end of the 23.7.x series in order to keep working.
2.) There is a discussion about this here. It seems to be a bit convoluted:
https://github.com/opnsense/core/issues/6370
3.) Yes, as long as both are available (see first point).
4.) See first point. It's difficult. The official doc is here:
https://wiki.strongswan.org/projects/strongswan/wiki/Fromipsecconf
Cheers,
Franco
smema79 (Newbie, Posts: 29, Karma: 0)
Re: IPSEC - Differences between new and legacy mode
« Reply #2 on: June 01, 2023, 07:57:56 pm »
Thank you for the clarification
Sent from my SM-A336B using Tapatalk