Creating a "mail gateway"
Robert Brockway
robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
Fri Jun 13 06:26:43 UTC 2008
On Thu, 12 Jun 2008, D. Hugh Redelmeier wrote:
> There are too many things to go wrong in unclear ways in the Linux
> networking stack. Openswan multiplies this by a small constant
> factor.
I used to use IPSec. I encountered OS interoperability issues although
these have probably improved.
> I have never tried OpenVPN, so I don't know if or how they avoid these
> problems.
One day I tried OpenVPN. I haven't touched IPSec since. Really.
> | It also handles all
> | traffic types well and efficiently (no VPN should EVER use a tcp
> | connection, so IPsec uses udp).
>
> For negotiating, the IKE protocol uses UDP.
>
> For transport, IPSec uses ESP (usually), AH (not too often), or UDP
> (fudge for NAT traversal).
OpenVPN uses UDP by default but can use TCP.
Rob
--
"With sufficient thrust, pigs fly just fine..."
-- RFC 1925 "The Twelve Networking Truths"
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list