[Olsr-dev] olsrd web of trust plug-in
Henning Rogge
(spam-protected)
Mon Dec 22 13:58:00 CET 2008
On Montag 22 Dezember 2008 13:50:57 you wrote:
> Has anyone taken a look at using IPSec?
Yes.
> The most recent kernel has support
> for the ixp4xx crypto engine, [1] and the patch submitter uses it for IPSec
> [2]. My VPN experience started with SSH adding tun/tap, then I moved to
> openvpn (UDP works _much_ better). I'm still trying to find the time to
> build a small IPSec setup for testing.
>
> I just haven't had the time to figure out how it would apply to olsrd.
> Would you create a VPN to each neighbor (good for backbone meshes where
> users don't have olsrd installed), or do point-to-point? Or maybe there's
> a way to do hybrid?
IPSec is nice for unicasts... but it get's a lot more difficult for broadcasts
(or even flooded broadcasts).
And it's as fast/slow as any other encryption system using the same basic
algorithm (for example: AES for symmetric or RSA/ECC for asymmetric)...
> > Unless you plan to use desktop CPUs you will be limited to very small
> > networks...
>
> This is the only reason I'm considering IPSec, despite it's complexity,
> hardware acceleration would make embedded applications possible.
Hardware acceleration would increase the speed of all encryption algorithms of
a certain type... so GPG might gain the same amount of speed boost as IPSec.
Of course most routers don't have hardware acceleration, but that is another
story... ;)
Henning
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-dev/attachments/20081222/046f0e86/attachment.sig>
More information about the Olsr-dev
mailing list