Hi

On 2017-09-06 at 21:33:39 +0200, sandman <snl20...@gmail.com> wrote:
> Hi Tobias
> 
> Thanks for your work on curvetun! I am just exploring it and I wanted to check
> with you on potential usage. It would help me a great deal if you can help
> me with the following queries.

In general, please ask these kinds of questions on the netsniff-ng
mailing list https://groups.google.com/forum/#!forum/netsniff-ng
That way you're more likely to get your question answered by someone who
might have already done something similar and other people will also
benefit from the answers.

I Cc'ed my reply to the list.

> My use case:
> 
> I am looking at building a lightweight packet forwarder (much like rpcapd
> from wireshark/winpcap suite) but with end to end encryption. Basically a
> soft network tap using which I can capture packets on a production machine
> and send them out securely to another machine and analyze them for
> anomalies.
> 
> After having ruled out rpcapd due to instability and lack of encryption, I
> am currently evaluating between tinc and curvetun to act as a secure tunnel
> over which I can ship captured packets.
> 
> 
> 1. How does curvetun compare to tinc (or openvpn for that matter) on the
> performance front? Any high level ideas here? On performance, do you think
> my approach will fly or I should take something like rpcapd and add
> encryption on top of that?

I haven't used tinc or looked at it in depth, so I cannot really say
much about how it compares w.r.t. performance. I'd suggest you just try
it out with a small test setup to get a high level picture.

If performance is of concern you might also want to look at Wireguard
[1], which is an in-kernel VPN implementation designed for performance
and ease-of-use. Though, it is not yet in the mainline kernel AFAIK.

  [1] https://www.wireguard.com

> 2. As you can see, I will be transferring packets from N production servers
> to 1 analysis server, is this use case supported? I think it is.

Yes, this is supported by curvetun. The analysis server would run
curvetun in server mode and the N production servers would each run
curvetun in client mode.

> 3. Any ready to use docker images of curvetun you can point to would be
> great too.

There is a docker image for the netsniff-ng toolkit from the OpenNSM
group on docker hub [2]. It doesn't seem to contain curvetun though, but
you might want to send them a pull request [3] to add it ;)

  [2] https://hub.docker.com/r/opennsm/netsniff-ng/
  [3] https://github.com/open-nsm/ContainNSM

Hope that helps
Tobias
