[Olsr-dev] olsrd web of trust plug-in

Henning Rogge (spam-protected)
Mon Dec 22 13:58:00 CET 2008


On Montag 22 Dezember 2008 13:50:57 you wrote:
> Has anyone taken a look at using IPSec?
Yes.

> The most recent kernel has support
> for the ixp4xx crypto engine, [1] and the patch submitter uses it for IPSec
> [2].  My VPN experience started with SSH adding tun/tap, then I moved to
> openvpn (UDP works _much_ better).  I'm still trying to find the time to
> build a small IPSec setup for testing.
>
> I just haven't had the time to figure out how it would apply to olsrd. 
> Would you create a VPN to each neighbor (good for backbone meshes where
> users don't have olsrd installed), or do point-to-point?  Or maybe there's
> a way to do hybrid?

IPSec is nice for unicasts... but it get's a lot more difficult for broadcasts 
(or even flooded broadcasts).

And it's as fast/slow as any other encryption system using the same basic 
algorithm (for example: AES for symmetric or RSA/ECC for asymmetric)...
> > Unless you plan to use desktop CPUs you will be limited to very small
> > networks...
>
> This is the only reason I'm considering IPSec, despite it's complexity,
> hardware acceleration would make embedded applications possible.
Hardware acceleration would increase the speed of all encryption algorithms of 
a certain type... so GPG might gain the same amount of speed boost as IPSec.

Of course most routers don't have hardware acceleration, but that is another 
story... ;)

Henning

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-dev/attachments/20081222/046f0e86/attachment.sig>


More information about the Olsr-dev mailing list