Cool, thank you! On Thu, Sep 7, 2017 at 1:49 PM, Tobias Klauser <tklau...@distanz.ch> wrote:
> Hi > > On 2017-09-06 at 21:33:39 +0200, sandman <snl20...@gmail.com> wrote: > > Hi Tobias > > > > Thanks for your work on curvetun! I just exploring it and I wanted to > check > > with you on potential usage. Would help me a great deal if you can help > > with me with following queries. > > In general, please ask these kinds of questions on the netsniff-ng > mailing list https://groups.google.com/forum/#!forum/netsniff-ng > That way you're more likely to get your question answered by someone who > might have already done something similar and other people will also > benefit from the answers. > > I Cc'ed my reply to the list. > > > My use case: > > > > I am looking at building a lightweight packet forwarder (much like rpcapd > > from wireshark/winpcap suite) but with end to end encryption. Basically a > > soft network tap using which I can capture packets on a production > machine > > and send them out securely to another machine and analyze them for > > anomalies. > > > > After having ruled out rpcapd due to instability and lack of encryption. > I > > am currently evaluating between tinc and curvetun to act as secure tunnel > > over which I can ship captured packets. > > > > > > 1. How does curvetun compare to tinc (or openvpn for that matter) on > > performance front? Any high level ideas here? On performance, do you > think > > my approach will fly or I should take something like rpcapd and add > > encryption on top of that? > > I haven't used tinc or looked at it in depth, so I cannot really say > much about how it compares w.r.t. performance. I'd suggest, you just try > it out with a small test setup to get a high level picture. > > If performance is of concern you might also want to look at Wireguard > , which is an in-kernel VPN implementation designed for performance > and ease-of-use. Though, it is not yet in the mainline kernel AFIAK. > >  https://www.wireguard.com > > > 2. As you can see, I will be transferring packets from N production > servers > > to 1 analysis server, is this use case supported? I think it is. > > Yes, this is supported by curvetun. The analysis server would run > curvetun in server mode and the N production servers would each run > curvetun in client mode. > > > 3. Any ready to use docker images of curvetun you can point to would be > > great too. > > There is a docker image for the netsniff-ng toolkit from the OpenNSM > group on docker hub . It doesn't seem to contain curvetun though, but > you might want to send them a pull request  to add it ;) > >  https://hub.docker.com/r/opennsm/netsniff-ng/ >  https://github.com/open-nsm/ContainNSM > > Hope that helps > Tobias > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.