Hi

On 2017-09-06 at 21:33:39 +0200, sandman <snl20...@gmail.com> wrote:
> Hi Tobias
>
> Thanks for your work on curvetun! I am just exploring it and I wanted to check
> with you on potential usage. Would help me a great deal if you can help
> me with the following queries.

In general, please ask these kinds of questions on the netsniff-ng mailing list

  https://groups.google.com/forum/#!forum/netsniff-ng

That way you're more likely to get your question answered by someone who might have already done something similar and other people will also benefit from the answers. I Cc'ed my reply to the list.

> My use case:
>
> I am looking at building a lightweight packet forwarder (much like rpcapd
> from wireshark/winpcap suite) but with end to end encryption. Basically a
> soft network tap using which I can capture packets on a production machine
> and send them out securely to another machine and analyze them for
> anomalies.
>
> After having ruled out rpcapd due to instability and lack of encryption, I
> am currently evaluating between tinc and curvetun to act as secure tunnel
> over which I can ship captured packets.
>
>
> 1. How does curvetun compare to tinc (or openvpn for that matter) on
> performance front? Any high level ideas here? On performance, do you think
> my approach will fly or I should take something like rpcapd and add
> encryption on top of that?

I haven't used tinc or looked at it in depth, so I cannot really say much about how it compares w.r.t. performance. I'd suggest you just try it out with a small test setup to get a high level picture.

If performance is of concern you might also want to look at Wireguard [1], which is an in-kernel VPN implementation designed for performance and ease-of-use. Though, it is not yet in the mainline kernel AFAIK.

[1] https://www.wireguard.com

> 2. As you can see, I will be transferring packets from N production servers
> to 1 analysis server, is this use case supported? I think it is.

Yes, this is supported by curvetun. The analysis server would run curvetun in server mode and the N production servers would each run curvetun in client mode.

> 3. Any ready to use docker images of curvetun you can point to would be
> great too.

There is a docker image for the netsniff-ng toolkit from the OpenNSM group on docker hub [2]. It doesn't seem to contain curvetun though, but you might want to send them a pull request [3] to add it ;)

[2] https://hub.docker.com/r/opennsm/netsniff-ng/
[3] https://github.com/open-nsm/ContainNSM

Hope that helps
Tobias