On Thu, Nov 10, 2016 at 10:58 AM, James Allsopp <[email protected]> wrote: > Thanks for that, much appreciated > > On 8 November 2016 at 00:04, Luiz Angelo Daros de Luca <[email protected]> > wrote: >> >> James, OpenVPN using tap will do. However, layer 2 over VPN is normally >> not very efficient. If ESXi shares the same infrastructure, I would use vlan >> between the internal networks. Vlan will avoid the need for a second >> OpenWRT.
Beware, OpenVPN has poor performance due to being a user-space daemon (heavy context switching). Even more on embedded devices. Other userspace daemons have faster performance (I have made encrypted gigabit links wiht curvetun, but you need to have machines in clock sync), otherwise prefer ipsec in kernel (openswan). Or even SSH-HPN with encryption disabled and TAP interfaces on each side (for that I have some openwrt makefile around). There is fastd as well, or udp-foo (don't know if you can have TAP support). -- Benjamin Henrion <bhenrion at ffii.org> FFII Brussels - +32-484-566109 - +32-2-3500762 "In July 2005, after several failed attempts to legalise software patents in Europe, the patent establishment changed its strategy. Instead of explicitly seeking to sanction the patentability of software, they are now seeking to create a central European patent court, which would establish and enforce patentability rules in their favor, without any possibility of correction by competing courts or democratically elected legislators." _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
