Re: ssh tunnels vs. ipsec tunnels

From: Juan J. Martinez (reidracreidrac.dyndns.org)
Date: Mon Feb 07 2005 - 06:24:44 CST


Paolo Supino wrote:
> This isn't an OpenBSD specific question and I apologize, but I was
> asked what are the pros and cons of using ssh tunnels in contrast to
> ipsec tunnels? Except for the obvious things: ssh is layer 7 and ipsec
> is layer 3. ssh only tunnels tcp while ipsec tunnels everything at its
> entry point. ipsec is transparent to the layers above while ssh isn't.
> ssh has less overhead while ipsec has a higher overhead. But what
> about authentication/vulnerability of the protocol to attacks? Load on
> the OS? Authentication options? Configuration (and especially how easy
> it is to misconfigure it to create a weak point)? Any other thing I
> didn't think of?

Well, from my experience it is not trivial at all to make different
implementations of IPSec interoperate.

If you're planning to use obsd vs obsd, it will work fine. But I tried
FreeS/WAN under linux vs obsd implementation and I concluded... ssh
tunnels rock! :D

I bet it was my fault, so first value your needs. I realized IPSec was
not a good idea for my problem after wasting two days on the thing.

regards,

Juanjo

--
Development and Systems: http://usebox.net/
          Personal page: http://usebox.net/jjm/