1 |
On 05/11/2013 03:13 PM, Nick Khamis wrote: |
2 |
> Hello Everyone, |
3 |
> |
4 |
> Our service provider requires all connections between us be done |
5 |
> through IPSec IKE. From the little bit of research, I found that this |
6 |
> is achieved using a system with IPSec kernel modules enabled, along |
7 |
> with cryptography modules. On the application level, I saw ipsec tool, |
8 |
> OpenSWAN, and OpenVPN. |
9 |
> |
10 |
> What I was wondering is which should be used for traffic intensive |
11 |
> connections in a deployment environment. Without starting any OpenVPN |
12 |
> vs OpenSwan debate, we would really like to keep the application level |
13 |
> to a minimum. Meaning if we could achieve the tunnel using the |
14 |
> required kernel modules, ipsec-tools and iptables, we see that as |
15 |
> keeping it simple and effective. |
16 |
> |
17 |
> Your insight, suggested how-to pages are greatly appreciated. |
18 |
|
19 |
To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates |
20 |
either IP/IPv6 (tun mode) or layer 2 (tap mode) over TLS. If your |
21 |
service provider requires IPSec and IKE, best forget about OpenVPN. |
22 |
|
23 |
http://www.ipsec-howto.org/x304.html |
24 |
|
25 |
Look under "Automatic keyed connections using racoon" |