IPsec: is it possible to encrypt transit traffic in transport mode?
Lev Serebryakov
lev at FreeBSD.org
Fri Nov 30 15:43:19 UTC 2018
Hello Olivier,
Friday, November 30, 2018, 3:34:50 PM, you wrote:
>> I'm benchmarking different possible "native" VPN configurations and I have
>> gif(4) and gre(4) with and without IPsec in my battery. I have tunnel mode
>> IPsec too. The problem with gif(4) and gre(4) is that they are tremendously
>> expensive, and could be more expensive than IPsec itself on CPUs with AES-NI.
>> So, this configuration is impossible, I understand. Nothing to benchmark :-)
> And what about using IPSec VTI (virtual tunneling interface) mode: if_ipsec(4)
And this one too. It gives slightly more PPS than "setkey-based" tunnel
mode, which is a surprise for me.
--
Best regards,
Lev mailto:lev at FreeBSD.org