# Experiences Softether VPN as alternative to Openvpn



## BonHomme (Aug 19, 2018)

Has anybody have any recent experience with Softether VPN? 

Softether is included in ports, but on the Softether website it says the performance of Softether on FreeBSD is inferior to that on Linux  https://www.softether.org/4-docs/1-..._VPN_Server/7.5_Install_on_Other_Unix_Systems

I don't care about that as long as the performance is not less than that of Openvpn.

Reactions on the performance of Softether vs OpenVPN are very much appreciated. Also suggestions on other alternatives to OpenVPN are very welcome


----------



## Crest (Aug 20, 2018)

Which features of OpenVPN do you need? Wireguard-go has been ported to FreeBSD as well. It is a lot simpler to deploy correctly than OpenVPN and should offer slightly better performance.


----------



## BonHomme (Aug 20, 2018)

Crest said:


> Which features of OpenVPN do you need? Wireguard-go has been ported to FreeBSD as well. It is a lot simpler to deploy correctly than OpenVPN and should offer slightly better performance.


Thanks for your suggestion but this is not exactly right for me: 


> This is an implementation of WireGuard in Go. *WARNING:* This is a work in progress and not ready for prime time, with no official "releases" yet. It is extremely rough around the edges and leaves much to be desired. There are bugs and we are not yet in a position to make claims about its security. Beware.


----------



## sko (Aug 20, 2018)

In terms of performance and - at least for more simple, single host-to-host VPNs - also config complexity, IPsec is still pretty much king of the hill:
https://www.freebsd.org/doc/handbook/ipsec.html

Although if you need to connect non-UNIX(like) systems, you usually still need to get some 3rd party software with varying degrees of crappyness.

If a mesh-style VPN is needed/preferred, I can recommend security/tinc, which is still far easier to set up and manage than OpenVPN, which is often quite a picky beast and needs rubbing at the right spots to behave. Tinc is also reasonably fast in terms of latency in bridge mode, but for almost all setups I'd highly recommend staying with a routed setup except if you really have problems e.g. with VoIP.


----------



## CyberCr33p (Sep 2, 2020)

sko Thank you for mention tinc. I was looking for a way to encrypt syslogd remote logs and snmp and I didn't want to use a centralized VPN.


----------

