On Saturday 10 April 2004 10:41 am, Gianni Pucciani wrote:
> Hi,
> I forget one things, waht about the CIPE solution. I read that in the
> rh9 sec guide about VPN.
Yes, I should have mentioned that. It uses a different method for encrypting
the data than IPsec does (Blowfish instead of 3DES) and is therefore supposed
to be faster. However in my experience you need to have a *big* pipe to the
outside world in order to be encrypting so much data down your VPN that a
basic CPU can't handle it.
I've never used CIPE so can't comment on it in practice.
I tend to use the standard which is supported by most other vendors for
cross-compatibility, therefore I like IPsec.
> And then, I see this news: the FreeS/WAN project is no longer in
> active development, it could be a problem?
I don't regard it as a problem - I think people will continue to use the
latest version for setting up IPsec with Linux 2.4 kernels, and they'll
migrate to using the built-in IPsec for 2.6 kernels.
The main reason that FreeS/WAN is no longer being developed is because
although it works well as a VPN, the team don't think they can achieve one of
their goals, which was Opportunistic Encryption (using DNS to hold public
keys so that routers could create VPN tunnels on their own when they wanted
to talk to each other, instead of being manually configured to set up
specific tunnels).
In my opinion that doesn't stop it still being very useful as a way to
configure standard IPsec links.
Regards,
Antony.
--
The difference between theory and practice is that in theory there is no
difference, whereas in practice there is.
Please reply to the list;
please don't CC me.
