Thanks yet again Michael! Enjoy your weekend.

N.

On 5/11/13, Michael Mol <mikemol@×××××.com> wrote:
> On 05/11/2013 03:13 PM, Nick Khamis wrote:
>> Hello Everyone,
>>
>> Our service provider requires all connections between us be done
>> through IPSec IKE. From the little bit of research, I found that this
>> is achieved using a system with IPSec kernel modules enabled, along
>> with cryptography modules. On the application level, I saw ipsec tool,
>> OpenSWAN, and OpenVPN.
>>
>> What I was wondering is which should be used for traffic intensive
>> connections in a deployment environment. Without starting any OpenVPN
>> vs OpenSwan debate, we would really like to keep the application level
>> to a minimum. Meaning if we could achieve the tunnel using the
>> required kernel modules, ipsec-tools and iptables, we see that as
>> keeping it simple and effective.
>>
>> Your insight, suggested how-to pages are greatly appreciated.
>
> To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates
> either IP/IPv6 (tun mode) or layer 2 (tap mode) over TLS. If your
> service provider requires IPSec and IKE, best forget about OpenVPN.
>
> http://www.ipsec-howto.org/x304.html
>
> Look under "Automatic keyed connections using racoon"