[Battlemesh] new tunneling vpn: wireguard

Mitar mitar at tnode.com
Thu Jun 30 08:35:31 CEST 2016


Is there any other standard in-Linux-kernel crypto available for tunnels?


> On Thu, Jun 30, 2016 at 8:24 AM, Mitar <mitar at tnode.com> wrote:
>> Hi!
>> Oh, you are right. I always assumed that you can use UDP as transport,
>> add IPSec and then have tunnel. Hmm. It seems not so.
> You can... but that is a very new extension.
> But even then, your mess just started...
> first make sure both sides support the same crypto/signature/hash
> combination... because there is no mandatory one for IPsec.
> Oh, and make sure they support the same IKE(v2) variant... because
> this protocol has a lot degrees of freedom, again without a mandatory
> base setting.
> And lets not start about the insanity that "IPsec transport mode +
> IPIP tunnel = IPsec tunnel mode".
> We could throw out at least half of the options of IPsec without
> loosing any feature.
> Henning Rogge
> _______________________________________________
> Battlemesh mailing list
> Battlemesh at ml.ninux.org
> http://ml.ninux.org/mailman/listinfo/battlemesh


More information about the Battlemesh mailing list