[Battlemesh] new tunneling vpn: wireguard

Mitar mitar at tnode.com
Thu Jun 30 08:35:31 CEST 2016


Hi!

Is there any other standard in-Linux-kernel crypto available for tunnels?


Mitar

> On Thu, Jun 30, 2016 at 8:24 AM, Mitar <mitar at tnode.com> wrote:
>> Hi!
>>
>> Oh, you are right. I always assumed that you can use UDP as transport,
>> add IPSec and then have tunnel. Hmm. It seems not so.
> 
> You can... but that is a very new extension.
> 
> But even then, your mess just started...
> 
> first make sure both sides support the same crypto/signature/hash
> combination... because there is no mandatory one for IPsec.
> 
> Oh, and make sure they support the same IKE(v2) variant... because
> this protocol has a lot degrees of freedom, again without a mandatory
> base setting.
> 
> And lets not start about the insanity that "IPsec transport mode +
> IPIP tunnel = IPsec tunnel mode".
> 
> We could throw out at least half of the options of IPsec without
> loosing any feature.
> 
> Henning Rogge
> _______________________________________________
> Battlemesh mailing list
> Battlemesh at ml.ninux.org
> http://ml.ninux.org/mailman/listinfo/battlemesh
> 

-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m



More information about the Battlemesh mailing list