IPsec: is it possible to encrypt transit traffic in transport mode?
Olivier Cochard-Labbé
olivier at freebsd.org
Fri Nov 30 12:35:06 UTC 2018
On Fri, Nov 30, 2018 at 1:05 PM Lev Serebryakov <lev at freebsd.org> wrote:
> I'm benchmarking different possible "native" VPN configurations and I have
> gif(4) and gre(4) with and without IPsec in my battery. I have tunnel mode
> IPsec too. Problem with gif(4) and gre(4) that hey are tremendously
> expensive, and could be more expensive than IPsec itself on CPUs with
> AES-NI.
>
> So, this configuration impossible, I understand. Nothing to benchmark :-)
>
>
And what about using IPSec VTI (virtual tunneling interface) mode:
if_ipsec(4) ?
More information about the freebsd-net
mailing list