[Olsr-dev] olsrd web of trust plug-in
Mon Dec 22 13:58:00 CET 2008
On Montag 22 Dezember 2008 13:50:57 you wrote:
> Has anyone taken a look at using IPSec?
> The most recent kernel has support
> for the ixp4xx crypto engine,  and the patch submitter uses it for IPSec
> . My VPN experience started with SSH adding tun/tap, then I moved to
> openvpn (UDP works _much_ better). I'm still trying to find the time to
> build a small IPSec setup for testing.
> I just haven't had the time to figure out how it would apply to olsrd.
> Would you create a VPN to each neighbor (good for backbone meshes where
> users don't have olsrd installed), or do point-to-point? Or maybe there's
> a way to do hybrid?
IPSec is nice for unicasts... but it get's a lot more difficult for broadcasts
(or even flooded broadcasts).
And it's as fast/slow as any other encryption system using the same basic
algorithm (for example: AES for symmetric or RSA/ECC for asymmetric)...
> > Unless you plan to use desktop CPUs you will be limited to very small
> > networks...
> This is the only reason I'm considering IPSec, despite it's complexity,
> hardware acceleration would make embedded applications possible.
Hardware acceleration would increase the speed of all encryption algorithms of
a certain type... so GPG might gain the same amount of speed boost as IPSec.
Of course most routers don't have hardware acceleration, but that is another
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: This is a digitally signed message part.
More information about the Olsr-dev