High-performant tinc (without encryption?)
Eric Feliksik
feliksik at gmail.com
Thu Jan 8 12:08:30 CET 2015
I am looking to connect edge-routers in a VPN over the Internet, with
requirement:
- Mesh
- NAT-traversing
- 500 mbit throughput.
I'm using Tinc 1.0.23 and it does this very nicely (I think I could also
use 1.1, once it's considered stable) except for the througphut: the
edgerouters cannot encrypt this fast. So I want to relieve the edge routers
from this responsibility.
If the end hosts can encrypt their point-to-point communication with ipsec
(but the mesh vpn and nat-T is done by tinc), what would be the
consequences of using tinc with "Cipher = none"? What ipsec-wrapping
headers (from tinc, I assume) would be exposed, and is this a bad idea,
security wise?
Other suggestions to tackle the problem are also welcome, of course.
Thanks in advance,
Best regards,
Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20150108/24b33459/attachment.html>
More information about the tinc
mailing list