| 1 |
Thanks yet again Michael! Enjoy your weekend. |
| 2 |
|
| 3 |
N. |
| 4 |
|
| 5 |
On 5/11/13, Michael Mol <mikemol@×××××.com> wrote: |
| 6 |
> On 05/11/2013 03:13 PM, Nick Khamis wrote: |
| 7 |
>> Hello Everyone, |
| 8 |
>> |
| 9 |
>> Our service provider requires all connections between us be done |
| 10 |
>> through IPSec IKE. From the little bit of research, I found that this |
| 11 |
>> is achieved using a system with IPSec kernel modules enabled, along |
| 12 |
>> with cryptography modules. On the application level, I saw ipsec tool, |
| 13 |
>> OpenSWAN, and OpenVPN. |
| 14 |
>> |
| 15 |
>> What I was wondering is which should be used for traffic intensive |
| 16 |
>> connections in a deployment environment. Without starting any OpenVPN |
| 17 |
>> vs OpenSwan debate, we would really like to keep the application level |
| 18 |
>> to a minimum. Meaning if we could achieve the tunnel using the |
| 19 |
>> required kernel modules, ipsec-tools and iptables, we see that as |
| 20 |
>> keeping it simple and effective. |
| 21 |
>> |
| 22 |
>> Your insight, suggested how-to pages are greatly appreciated. |
| 23 |
> |
| 24 |
> To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates |
| 25 |
> either IP/IPv6 (tun mode) or layer 2 (tap mode) over TLS. If your |
| 26 |
> service provider requires IPSec and IKE, best forget about OpenVPN. |
| 27 |
> |
| 28 |
> http://www.ipsec-howto.org/x304.html |
| 29 |
> |
| 30 |
> Look under "Automatic keyed connections using racoon" |
| 31 |
> |
| 32 |
> |
| 33 |
> |
Archives