I'm afraid I don't have time to answer in depth today but here are a few quick answers regarding *swan:

On Mon, 2004-04-12 at 08:25, Scott MacKay wrote:
> I had a couple questions about the different methods
> talked about here, probably focusing on CIPE,
> FreeSWAN/OpenSWAN, and the OpenVPN (along with any
> others users may chime in with)
> 1. Where in the netfilter path do these solutions
> package up data? Important to know if we see
> tunnel/VPN packets or the contents which are going
> into them, both incoming and outgoing

*swan makes this convenient by passing the traffic from the physical interface to an ipsec interface, e.g., eth0 -> ipsec0. I believe there are extensive diagrams of how this works in the training section at http://iscs.sourceforge.net

> 2. Which of these guys support broadcast or
> multicast?
> 3. Do any of these support non-encrypted
> transmission? The reason for this would be if a
> higher level/later service provided the encryption
> over the risky sections of a transmission
> 4. What kind of overhead do these cost? I was
> curious from the perspective of initialization/updates
> and also any additional packet headers (rough guess).

There are some performance benchmarks buried somewhere in the extensive *swan documentation.

> <snip>

--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@xxxxxxxxxxxxx
---
If you are interested in helping to develop a GPL enterprise class VPN/Firewall/Security device management console, please visit http://iscs.sourceforge.net