On Wednesday 2012-08-08 15:53, Arif Hossain wrote: >On Wed, 2012-08-08 at 15:41 +0200, Jan Engelhardt wrote: >> On Wednesday 2012-08-08 14:25, Arif Hossain wrote: ><snip> >> Complicated? No, not at all. http://inai.de/2008/02/24 >> Heavyweight? Neither. The RSS is ~5 MB, most of which is pretty much >> glibc anyway. > >If clients are mainly embedded devices, and most of the time, all we can >do is to install a software on them, then is it feasible to use IPSEC? You can probably even use IPsec without StrongSWAN, if you manage to knit together the pieces using `ip xfrm state` and `ip xfrm policy`. >Just for an example, we used tls for only the initial session >establishment, not the original data, and it proved very inefficient so >we had to abandon the thing completely. So perhaps you did something really wrong? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
