From: Michael Mol
Date: Sat, 11 May 2013 22:14:30 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Traffic Intensive IPSec Tunnel
Message-ID: <518EFB06.4000000@gmail.com>

On 05/11/2013 03:13 PM, Nick Khamis wrote:
> Hello Everyone,
>
> Our service provider requires all connections between us be done
> through IPSec IKE. From the little bit of research, I found that this
> is achieved using a system with IPSec kernel modules enabled, along
> with cryptography modules. On the application level, I saw ipsec tool,
> OpenSWAN, and OpenVPN.
>
> What I was wondering is which should be used for traffic intensive
> connections in a deployment environment. Without starting any OpenVPN
> vs OpenSwan debate, we would really like to keep the application level
> to a minimum. Meaning if we could achieve the tunnel using the
> required kernel modules, ipsec-tools and iptables, we see that as
> keeping it simple and effective.
>
> Your insight, suggested how-to pages are greatly appreciated.

To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates
either IP/IPv6 (tun mode) or layer 2 (tap mode) over TLS. If your
service provider requires IPSec and IKE, best forget about OpenVPN.

http://www.ipsec-howto.org/x304.html

Look under "Automatic keyed connections using racoon"