Date: Fri, 30 Nov 2018 13:34:50 +0100 From: =?UTF-8?Q?Olivier_Cochard=2DLabb=C3=A9?= <olivier@freebsd.org> To: lev@freebsd.org Cc: eugen@grosbein.net, freebsd-net@freebsd.org Subject: Re: IPsec: is it possible to encrypt transit traffic in transport mode? Message-ID: <CA%2Bq%2BTcoQC=Xy_HBCo6jhoCzH0LRty=CD83kEjp_fFpsNu4sbHg@mail.gmail.com> In-Reply-To: <108847324.20181130150424@serebryakov.spb.ru> References: <1519156224.20181130021136@serebryakov.spb.ru> <eb98de09-fe85-a978-15ef-b5c19f964f4e@grosbein.net> <881323908.20181130123008@serebryakov.spb.ru> <9ae35c3c-7af8-e513-7c20-e2d62f2b7b3e@grosbein.net> <108847324.20181130150424@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Nov 30, 2018 at 1:05 PM Lev Serebryakov <lev@freebsd.org> wrote: > I'm benchmarking different possible "native" VPN configurations and I have > gif(4) and gre(4) with and without IPsec in my battery. I have tunnel mode > IPsec too. Problem with gif(4) and gre(4) that hey are tremendously > expensive, and could be more expensive than IPsec itself on CPUs with > AES-NI. > > So, this configuration impossible, I understand. Nothing to benchmark :-) > > And what about using IPSec VTI (virtual tunneling interface) mode: if_ipsec(4) ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcoQC=Xy_HBCo6jhoCzH0LRty=CD83kEjp_fFpsNu4sbHg>