[netsniff-ng] Re: Question on Curvetun

2017-09-07 Thread Tobias Klauser
Hi

On 2017-09-06 at 21:33:39 +0200, sandman wrote:
> Hi Tobias
> 
> Thanks for your work on curvetun! I am just exploring it and I wanted to check
> with you on potential usage. Would help me a great deal if you can help
> me with the following queries.

In general, please ask these kinds of questions on the netsniff-ng
mailing list https://groups.google.com/forum/#!forum/netsniff-ng
That way you're more likely to get your question answered by someone who
might have already done something similar and other people will also
benefit from the answers.

I Cc'ed my reply to the list.

> My use case:
> 
> I am looking at building a lightweight packet forwarder (much like rpcapd
> from wireshark/winpcap suite) but with end to end encryption. Basically a
> soft network tap using which I can capture packets on a production machine
> and send them out securely to another machine and analyze them for
> anomalies.
> 
> After having ruled out rpcapd due to instability and lack of encryption, I
> am currently evaluating between tinc and curvetun to act as a secure tunnel
> over which I can ship captured packets.
> 
> 
> 1. How does curvetun compare to tinc (or openvpn for that matter) on
> the performance front? Any high level ideas here? On performance, do you think
> my approach will fly or should I take something like rpcapd and add
> encryption on top of that?

I haven't used tinc or looked at it in depth, so I cannot really say
much about how it compares w.r.t. performance. I'd suggest you just try
it out with a small test setup to get a high level picture.

If performance is of concern you might also want to look at Wireguard
[1], which is an in-kernel VPN implementation designed for performance
and ease-of-use. Though, it is not yet in the mainline kernel AFAIK.

  [1] https://www.wireguard.com

> 2. As you can see, I will be transferring packets from N production servers
> to 1 analysis server, is this use case supported? I think it is.

Yes, this is supported by curvetun. The analysis server would run
curvetun in server mode and the N production servers would each run
curvetun in client mode.

> 3. Any ready to use docker images of curvetun you can point to would be
> great too.

There is a docker image for the netsniff-ng toolkit from the OpenNSM
group on docker hub [2]. It doesn't seem to contain curvetun though, but
you might want to send them a pull request [3] to add it ;)

  [2] https://hub.docker.com/r/opennsm/netsniff-ng/
  [3] https://github.com/open-nsm/ContainNSM

Hope that helps
Tobias

-- 
You received this message because you are subscribed to the Google Groups 
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[netsniff-ng] Re: Question on Curvetun

2017-09-07 Thread sandman
Cool, thank you!
