On 05/11/2013 03:13 PM, Nick Khamis wrote: > Hello Everyone, > > Our service provider requires all connections between us be done > through IPSec IKE. From the little bit of research, I found that this > is achieved using a system with IPSec kernel modules enabled, along > with cryptography modules. On the application level, I saw ipsec tool, > OpenSWAN, and OpenVPN. > > What I was wondering is which should be used for traffic intensive > connections in a deployment environment. Without starting any OpenVPN > vs OpenSwan debate, we would really like to keep the application level > to a minimum. Meaning if we could achieve the tunnel using the > required kernel modules, ipsec-tools and iptables, we see that as > keeping it simple and effective. > > Your insight, suggested how-to pages are greatly appreciated.
To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates either IP/IPv6 (tun mode) or layer 2 (tap mode) over TLS. If your service provider requires IPSec and IKE, best forget about OpenVPN. http://www.ipsec-howto.org/x304.html Look under "Automatic keyed connections using racoon"
signature.asc
Description: OpenPGP digital signature