On Thu, 19 Jan 2006 11:28:31 +0000, Stuart Henderson wrote:

>On 2006/01/19 10:39, Simon Slaytor wrote:
>> Stuart Henderson wrote:
>> >On 2006/01/19 09:38, Simon Slaytor wrote:
>> >
>> >>When comparing the two vpn solutions for speed, subjectively the OpenVPN
>> >>feels slightly faster
>> >
>> >If you're using compression on OpenVPN but not on IPSEC, that would
>> >probably explain the speed difference.
>>
>> Agreed, any idea on how the cyphers compare i.e. 3DES v Blowfish in
>> regard to CPU overhead?
>
>'openssl speed' will show you on your system, but Blowfish (and AES,
>at least at some block sizes) are something like twice as fast when
>implemented in software on a standard CPU.
>
>> I was not trying to suggest that this was a like for like comparison. I
>> was merely trying to get the point across that OpenVPN is a viable
>> alternative.
>
>There are strengths and weaknesses for each, overhead is only one
>factor (and not such an important one in smaller setups over relatively
>low-speed lines). I use OpenVPN and IPSEC in different situations (and
>will probably start using ssh tun-forwarding for a few places I'd use
>OpenVPN now - though, I'll have to investigate how tcp-wrapped-in-tcp
>works, since it would be most useful for me over wireless networks
>which have a lot of packet loss).

If you read http://sites.inka.de/sites/bigred/devel/tcp-tcp.html maybe you won't want TCP-over-TCP. At least, if the author is correct, you will consider that it may be worse than TCP-over-UDP in lossy environments. FWIW

Disclaimer: I don't consider myself sufficiently expert to judge the accuracy of the assertions made there. They simply sounded plausible based on the little I know.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.