Libreswan or strongSwan

Which one is better maintained?

At first glance strongSwan appears to be the better option, but Libreswan is backed by Red Hat, so I'm not really sure.

I'll be using IKEv2 certificate authentication with elliptic curve (p256 or ed25519) keys, and an xfrm interface route-based VPN.

The heretic (but pragmatic) answer would be WireGuard…

--
strongSwan has been supported by OpenWrt since basically forever; I have used it in the past, before WireGuard.

The proper question is which swan is better maintained in OpenWrt. And, to be honest, both look like second-class citizens.

strongSwan recently had a build failure in 24.10-rc7 due to incompatible wolfssl changes. Now this is fixed.

Regarding your setup, both swans are suitable. However, as already mentioned, if you control both sides, WireGuard is even better, as it is much easier to set up and comes with a much smaller installation footprint.

Having said that, I think you will find better community support around strongSwan, as it supports more use cases. Libreswan still cannot do EAP; that's why I don't use it and will not answer your questions about it.
