
Show HN: IPsec/L2TP VPN server auto install scripts - hwdsl2
https://github.com/hwdsl2/setup-ipsec-vpn
======
dozzie
You do realize that L2TP is only slapped on top of IPsec because Windows is
brain-dead? And that you can do with just IPsec?

And you do realize that your method of installing *Swan is just as brain-dead
as using L2TP? You make a big mess in the system for no good reason, as
strongSwan is a Debian stable package, and you don't use KLIPS.

Your install script does even more stupid things, like replacing current
firewall rules with your own without any regard.

The only thing you got right is to use a FreeS/WAN descendant, as ipsec-tools is
atrocious.

~~~
hwdsl2
Thanks for the feedback!

The reason I chose Libreswan [1] (over Openswan) is that it is more actively
developed with recent patches [2]. I have not tried strongSwan as of yet.

Regarding the firewall rules: The VPN scripts are intended to be run on a
freshly installed Linux system. By adding those IPTables rules, the OS would
be better protected from network attacks. For example, the L2TP port UDP 1701
is closed for traffic other than those via IPsec.

[1] [https://libreswan.org](https://libreswan.org)

[2] [https://nohats.ca/wordpress/blog/2014/02/16/development-of-l...](https://nohats.ca/wordpress/blog/2014/02/16/development-of-libreswan-vs-openswan/)
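
An added illustration of the UDP 1701 restriction discussed in this thread, not taken from the setup-ipsec-vpn scripts: it keeps the two rules in a dedicated chain so an existing ruleset is never flushed, and it can be re-run safely. The chain name `L2TP_GUARD` and the `IPT` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the project's script): accept L2TP on UDP 1701 only for
# packets that arrived through IPsec, without touching rules already loaded.
# Requires root and iptables >= 1.4.11 (for -C). IPv4 only.

IPT="${IPT:-iptables}"   # assumption: overridable so the logic can be tested
CHAIN="L2TP_GUARD"       # hypothetical chain name owned by this script

restrict_l2tp_to_ipsec() {
    # Create our own chain; if it already exists, flush only that chain.
    # INPUT and every other chain keep whatever rules they had.
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"

    # The policy match is true only for packets that were decapsulated
    # by an inbound IPsec policy, i.e. L2TP carried inside ESP.
    $IPT -A "$CHAIN" -m policy --dir in --pol ipsec -j ACCEPT

    # Anything else reaching UDP 1701 came in the clear: drop it.
    $IPT -A "$CHAIN" -j DROP

    # Hook the chain into INPUT once. -C checks for the jump first, so a
    # second run does not stack duplicate rules.
    $IPT -C INPUT -p udp --dport 1701 -j "$CHAIN" 2>/dev/null ||
        $IPT -I INPUT 1 -p udp --dport 1701 -j "$CHAIN"
}

# Usage (as root):  restrict_l2tp_to_ipsec && iptables -S "$CHAIN"
```

Removing the restriction later is a matter of deleting the single jump from INPUT and then the chain itself, which leaves the rest of the firewall as it was.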

