Thanks yet again Michael! Enjoy your weekend. N.
On 5/11/13, Michael Mol <mike...@gmail.com> wrote: > On 05/11/2013 03:13 PM, Nick Khamis wrote: >> Hello Everyone, >> >> Our service provider requires all connections between us be done >> through IPSec IKE. From the little bit of research, I found that this >> is achieved using a system with IPSec kernel modules enabled, along >> with cryptography modules. On the application level, I saw ipsec tool, >> OpenSWAN, and OpenVPN. >> >> What I was wondering is which should be used for traffic intensive >> connections in a deployment environment. Without starting any OpenVPN >> vs OpenSwan debate, we would really like to keep the application level >> to a minimum. Meaning if we could achieve the tunnel using the >> required kernel modules, ipsec-tools and iptables, we see that as >> keeping it simple and effective. >> >> Your insight, suggested how-to pages are greatly appreciated. > > To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates > either IP/IPv6 (tun mode) or layer 2 (tap mode) over TLS. If your > service provider requires IPSec and IKE, best forget about OpenVPN. > > http://www.ipsec-howto.org/x304.html > > Look under "Automatic keyed connections using racoon" > > >