Subject: Re: How to convert this OpenBSD guy to The Truth and The Light?
From: Jim Breton
List: netbsd-advocacy
Date: 12/12/2002 10:05:18

Note that the following are my opinions only. :)

On Thu, Dec 12, 2002 at 12:25:11AM -0800, Mike Cheponis wrote:
> 1) is IPSec/KAME as good as or better than IPSec/IKE ?  Or do people use
>    the IPSec/IKE port on NetBSD?

Here is one area where I personally would much rather use NetBSD/FreeBSD:
I find the IPSec configuration (from KAME) syntax to be far, far easier
than on OpenBSD.

> 2) Is the OpenBSD "PF" really 3x better than anything else?

While I love both PF and IPFilter, I have to admit to liking PF better.
It has a lot of great features of its own: per-rule limits, easy-to-use
optimization macros, ISN modulation, etc. that afaik are not in IPFilter.
So that's going to be a tough sell.  Of course PF is relatively "new"
compared to IPF and hasn't been deployed for quite as long... and IPFilter
rulesets are going to be more portable between systems, if that matters to
him.  (Then again he can still use IPFilter on OpenBSD, and OTOH, I think
someone's working on porting PF to NetBSD....)

They're both great tools.  With a good ruleset, I'd sleep just as well at
night behind either of them.

> 3) is NetBSD firewalling better/worse/same as OpenBSD firewalling?

See #2 above?  Or did you mean s/firewalling/networking/ ?

Other than issues regarding firewalling, I haven't compared the two on a
raw 'networking' basis -- other people would be best to reply to this.

> 4) How different is OpenBSD from NetBSD when porting to a new arch?

No idea, sorry.

> Thanks for that and any other arguments I can use to persuade them to use
> The Right OS ...

Keep in mind (IMHO of course) that "The Right OS" isn't always necessarily
[insert OS name here].  Maybe OpenBSD _would_ be best for him considering
all the work he's put into it and how familiar he is with it.  Personally,
I like all of these OSes; IPSec would be a big point for NetBSD I think,
and there's the SMP issue if he has any multi-cpu boxes.