metro

Zenaan Harkness zen at freedbms.net
Tue Aug 2 06:48:59 PDT 2016


On Tue, Aug 02, 2016 at 03:20:00PM +0200, rysiek wrote:
> Dnia wtorek, 2 sierpnia 2016 04:50:53 CEST Mirimir pisze:
> > > tl;dr setting up IPsec is a pain in the arse, so by the power of
> > > way too many lines of Bash it has been made simpler. Comments, pull
> > > requests, criticism welcome.
> > 
> > I presume that this is a flavor of IPsec that NSA can't pwn.
> 
> Hopefully. If anyone has more info, please share!
> 
> > But why do we need IPsec? What's the advantage over OpenVPN?
> 
> I needed an encrypted back-end link between several servers, so that even if 
> any set of them goes down, encrypted comms keep working between all of the 
> rest.
> 
> OpenVPN felt more like client-server thingy, more slated towards a star 
> topology. IPsec is node-node (at least in this particular usecase).

That was my impression too - I used openvpn for a year or two some years
back. Was always slightly frustrating. Needs another layer for auto
configuring or something. I need to check out openswan/ipsec to be able
to compare though..



More information about the cypherpunks mailing list