On Saturday 10 April 2004 10:41 am, Gianni Pucciani wrote:

> Hi,
> I forgot one thing, what about the CIPE solution? I read that in the
> rh9 sec guide about VPN.

Yes, I should have mentioned that. It uses a different method for encrypting the data than IPsec does (Blowfish instead of 3DES) and is therefore supposed to be faster. However, in my experience you need to have a *big* pipe to the outside world in order to be encrypting so much data down your VPN that a basic CPU can't handle it.

I've never used CIPE so can't comment on it in practice. I tend to use the standard which is supported by most other vendors for cross-compatibility, therefore I like IPsec.

> And then, I see this news: the FreeS/WAN project is no longer in
> active development, it could be a problem?

I don't regard it as a problem - I think people will continue to use the latest version for setting up IPsec with Linux 2.4 kernels, and they'll migrate to using the built-in IPsec for 2.6 kernels.

The main reason that FreeS/WAN is no longer being developed is because although it works well as a VPN, the team don't think they can achieve one of their goals, which was Opportunistic Encryption (using DNS to hold public keys so that routers could create VPN tunnels on their own when they wanted to talk to each other, instead of being manually configured to set up specific tunnels).

In my opinion that doesn't stop it still being very useful as a way to configure standard IPsec links.

Regards,

Antony.

--
The difference between theory and practice is that in theory there is no difference, whereas in practice there is.

Please reply to the list; please don't CC me.