Gentoo Archives: gentoo-user

From: Michael Mol <mikemol@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Traffic Intensive IPSec Tunnel
Date: Sun, 12 May 2013 02:14:43
Message-Id: 518EFB06.4000000@gmail.com
In Reply to: [gentoo-user] Traffic Intensive IPSec Tunnel by Nick Khamis
On 05/11/2013 03:13 PM, Nick Khamis wrote:
> Hello Everyone,
>
> Our service provider requires all connections between us be done
> through IPSec IKE. From the little bit of research, I found that this
> is achieved using a system with IPSec kernel modules enabled, along
> with cryptography modules. On the application level, I saw ipsec tool,
> OpenSWAN, and OpenVPN.
>
> What I was wondering is which should be used for traffic intensive
> connections in a deployment environment. Without starting any OpenVPN
> vs OpenSwan debate, we would really like to keep the application level
> to a minimum. Meaning if we could achieve the tunnel using the
> required kernel modules, ipsec-tools and iptables, we see that as
> keeping it simple and effective.
>
> Your insight, suggested how-to pages are greatly appreciated.

To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates
either IP/IPv6 (tun mode) or layer 2 (tap mode) over TLS. If your
service provider requires IPSec and IKE, best forget about OpenVPN.

http://www.ipsec-howto.org/x304.html

Look under "Automatic keyed connections using racoon"
