On Sat, Oct 13, 2018 at 3:02 PM Dave Taht <[email protected]> wrote: > > I keep seeing people talk about running tunnels via babel. Is there a howto > about how to do it? With wireguard? ipsec ? ssh? Or ? > > My use case would probably be: > > ipv4 - ipv6 ------------------------------------------ > gw - interior router - more routers -> AP - ipv4 >
Hi, Wireguard is a good, fast, secure choice if your device supports it. (Plain Linux / OpenWRT / VyOS have good support.) IPsec can be very secure but most people don't know how to configure it securely, so many real-world IPsec tunnels end up with insecure 3DES-SHA1 cipher. Therefore I don't recommend IPsec unless your device only supports it, or you know how to turn on AEAD + PFS. SSH is bad for tunneling because it runs on top of a single TCP connection which is prone to packet-loss or unstable network conditions, resulting in unbearable speed most of the time. I have been working on a mesh tunnel (> 3 nodes) generator named VxWireguard-Generator [1]. Babeld is supported by this project. When you run Babeld on tunneled networks, remember to turn on RTT measurement in babeld.conf. Best regards, StarBrilliant [1]: https://github.com/m13253/VxWireguard-Generator _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
