2015-04-14 22:05 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: > On 2015-04-14 11:44, Eero Volotinen wrote: > >> 2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: >> >>> >>> http://serverfault.com/a/655752/24406 >>> >>> If that is accurate, the documentation, and the clustering / load >>> balancing might tilt the balance in the direction of strongSwan. >>> >>> >>> Well, both packages can do ipsec to cisco asa without any problems. >> > > I have this one case where the other end of the connection wants to use > some specific encryption parameters (specific versions of AES and SHA). I > need to make sure that whatever software I use, is capable of providing > that. Better documentation will certainly help. > > And of course, a more actively supported project, with a good security > track record, is very important. > > All these are factors in choosing between Openswan / Libreswan / > strongSwan. > Well, you can use any of these software for such basic tasks. I also think that they are almost compatible with configuration files, so you can later change package, if any problems occurs. I think best choice is software that comes with Centos. I currently use openswan (epel?) Centos and Amazon Linux to connect with checkpoint and cisco asa ipsec hardware devices. -- Eero