With IPSec native client in MacOS, there are several problems: - multiple users ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

vetinari on Jan 13, 2021 | parent | context | favorite | on: Response to “WireGuard: great protocol, but skip t...

With IPSec native client in MacOS, there are several problems:

- multiple users on the same machine cannot have their own credentials for the same tunnel; you have to create several tunnels and each user sees all of them. Obviously, you cannot save password then.

- if you want to setup routing for your L2TP split-tunel, you have to create bash scripts (ip-up, ip-down) in /etc/ppp. Not even Linux makes you to do this by hand.

Compared to this, Wireguard for Mac is much more polished.

nuker on Jan 13, 2021 [–]

Why L2TP and not IKEv2?

vetinari on Jan 13, 2021 | [–]

Depends on the other side, too.

Otherwise, a good question for Ubiquity, why they don't support IKEv2 (among other things), when they are using strongswan underneath anyway.

Consider applying for YC's Summer 2025 batch! Applications are open till May 13
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact