Subject: Re: [gentoo-user] Traffic Intensive IPSec Tunnel
From: Nick Khamis
To: gentoo-user@lists.gentoo.org
Date: Sat, 11 May 2013 22:37:48 -0400

Thanks yet again Michael! Enjoy your weekend.

N.

On 5/11/13, Michael Mol wrote:
> On 05/11/2013 03:13 PM, Nick Khamis wrote:
>> Hello Everyone,
>>
>> Our service provider requires all connections between us be done
>> through IPSec IKE. From the little bit of research, I found that this
>> is achieved using a system with IPSec kernel modules enabled, along
>> with cryptography modules. On the application level, I saw ipsec tool,
>> OpenSWAN, and OpenVPN.
>>
>> What I was wondering is which should be used for traffic intensive
>> connections in a deployment environment. Without starting any OpenVPN
>> vs OpenSwan debate, we would really like to keep the application level
>> to a minimum. Meaning if we could achieve the tunnel using the
>> required kernel modules, ipsec-tools and iptables, we see that as
>> keeping it simple and effective.
>>
>> Your insight, suggested how-to pages are greatly appreciated.
>
> To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates
> either IP/IPv6 (tun mode) or layer 2 (tap mode) over TLS. If your
> service provider requires IPSec and IKE, best forget about OpenVPN.
>
> http://www.ipsec-howto.org/x304.html
>
> Look under "Automatic keyed connections using racoon"