Re: ipsec scalability?

From: Daniel de Young (danielvelvetsea.com)
Date: Tue Jul 01 2003 - 22:23:38 CDT


>> I'm finishing up a practical about interop between openbsd, linux, and
>> sonicwall.
>
> Bravo!
>
You have a wonderful talent for sarcasm.

>> I'd like to include a few notes on scalability.
>
> Go read.
>
http://groups.google.com/groups?q=openbsd+ipsec+scalability
nothing

found this: http://webserver.cpg.com/reviews/r1/3.4/
nice read, but doesn't answer my question in the slightest.

http://tinyurl.com/fsow
interesting, tells me nothing.

Found tons of design discussion and docs from 1999.

I'm wondering where the absolute plethora of documentation you're talking
about might be. It's not on openbsd.org. It's not archived on google. I
guess I could download all 200MB++ of the list since the search function
seems to be out of commission.

I'm sure there's plenty of posts by people saying, "hey I have 100 tunnels
running on my P75 box with 32MB of memory". I just haven't found them
yet.

>> Linux (freeswan) has a decent document about scalability issues.
>
> Go run Linux then...

Simply mentioning that freeswan exists seems to be synonymous with hating
openbsd and therefore preferring freeswan. Fact is that I find linux to be
hard to secure and keep up on; why would I want that in a fw/vpn box?

>> A quick search of google results turned up little that seemed
>> relevant.
>
> Bollocks.
>
nice.

>> What are list members' experiences with running dozens ++ of tunnels?
>> Any hard limits or known/documented limits based on ram/proc etc.?
>
> OpenBSD defaults work.
>
huh? language barrier?

>> Impressions of the experienced?
>
> I sleep better because I've slept well for some years.
>
I'm very happy for you. I've been sleeping well for awhile now myself.

>> Any insight would be appreciated.
>
> Do your own homework.
>
fair enough.

>> It's mainly a discussion about interop issues between them and
>> a tutorial on how to make it happen.
>
> Publish and be damned.
>
will do.

Sorry to have "bothered" so badly with my blatantly lazy post, Pedro.
Perhaps it will suffice to say that "openbsd's ipsec is probably
blindingly fast".

Thanks for all your help and insight.