[SLL] WRT54GL --> wireless to wired repeater?

Bryan McLellan btm at loftninjas.org
Thu Dec 25 12:57:20 PST 2008


On Thu, Dec 25, 2008 at 11:17 AM, Derek Simkowiak <dereks at realloc.net> wrote:
> /Could it be that you guys are using different ciphers?/
>
>  OpenVPN uses SSL to handle encryption.  It uses either a TAP or TUN driver
> (depending on whether you want bridged mode or routed mode).
>
>   vpnc (which I think is what Jeremy was using) is the Cisco VPN
> Concentrator client, and it works in a very similar fashion.  Like OpenVPN,
> it is a userspace application that uses the TAP driver to establish the VPN.
>
>   The two big differences between the two apps are that (a) vpnc does not use
> SSL as the protocol, and (b) OpenVPN uses the OpenSSL library (a.k.a.
> libssl)  but vpnc uses the GNUTLS library (a.k.a. libgcrypt).

vpnc doesn't support SSL (Cisco AnyConnect) at this time [1], and uses
IPSEC. However, the important part in relation to CPU usage is the
ciphers in use rather than the protocols. Both support a number of
ciphers [2][3] which means the user gets to choose. If one implemented
an SSL VPN using DES and an IPSEC VPN using AES, they're going to have
different CPU usage based on the symmetric encryption algorithm more
than the protocol.

Bryan

[1] http://www.gossamer-threads.com/lists/vpnc/devel/2590
[2] http://tools.ietf.org/html/rfc4835#section-3.1.1
[3] http://tools.ietf.org/html/rfc5246#appendix-A.5

