Linus prefers IPSec over OpenVPN for networking reasons.

Pages (3): 1 2 3 Next

229

01-22-2016, 05:58 PM

Hey everyone, I saw Linus mention IPSec during the unboxing at 24:55. That sparked my curiosity about using OpenVPN instead.

Bmaster5026

01-22-2016, 05:58 PM #1

Hey everyone, I saw Linus mention IPSec during the unboxing at 24:55. That sparked my curiosity about using OpenVPN instead.

Blacklisted_
Junior Member

01-22-2016, 07:36 PM

I concur, OpenVPN offers greater simplicity, easier administration (especially with an access server web interface), and it's open source.

Blacklisted_

01-22-2016, 07:36 PM #2

I concur, OpenVPN offers greater simplicity, easier administration (especially with an access server web interface), and it's open source.

Fergy04
Member

152

01-22-2016, 08:05 PM

More efficient use of materials.

Fergy04

01-22-2016, 08:05 PM #3

More efficient use of materials.

Wolfyyy_
Senior Member

358

01-22-2016, 09:38 PM

I haven’t viewed the video yet, which makes it hard to understand the situation. However, many business network devices—like some older Cisco routers—don’t work with OpenVPN.

Wolfyyy_

01-22-2016, 09:38 PM #4

I haven’t viewed the video yet, which makes it hard to understand the situation. However, many business network devices—like some older Cisco routers—don’t work with OpenVPN.

Xpers_Gaming
Junior Member

01-22-2016, 11:04 PM

Why not use IPsec? Many devices support hardware acceleration, making it a well-defined method for point-to-point links. OpenVPN performance relies heavily on software optimization, while enterprise tools like ASA offer robust IPsec capabilities with broader adoption. Directly implementing IPsec on network appliances often provides better efficiency than routing through a hypervisor for all site-to-site needs. The best choice depends on your specific setup.

Xpers_Gaming

01-22-2016, 11:04 PM #5

Dropped_
Junior Member

01-24-2016, 09:39 AM

I understand your concern. Using it for home might not be ideal since your setup lacks some CPU optimizations built into the device. However, OpenVPN on AES-256-GCM is still functional, though it appears to utilize a single core.

Dropped_

01-24-2016, 09:39 AM #6

FrancisDragon
Member

213

01-25-2016, 04:37 AM

IPsec might offer lower security because it isn't an open standard, raising worries about potential backdoors from the NSA. It also tends to be less efficient on devices without hardware acceleration, since it adds another layer on top of L2TP instead of using a single protocol like OpenVPN. OpenVPN's simplicity becomes easier on CPUs that support AES acceleration, which is expected to be required for the upcoming pfSense version.

FrancisDragon

01-25-2016, 04:37 AM #7

xxpod156
Junior Member

01-26-2016, 01:19 PM

It shows AES speed but only uses a single core. I want to fully utilize my gigabit internet connection with it.

xxpod156

01-26-2016, 01:19 PM #8

It shows AES speed but only uses a single core. I want to fully utilize my gigabit internet connection with it.

ghostghillie07
Member

234

01-27-2016, 07:36 PM

I realize my earlier assessment was off; OpenVPN can be quite demanding on the CPU even with AES-NI support. I noticed my i5-3470T reaches 35% CPU usage at 64Mbit, though the frequency fluctuates, making it hard to predict full performance. Turning on maximum power no longer displays the clock speed on the display, so I’m uncertain if it’s functioning properly. The load appears consistent, which is unexpected given how fast AES-NI should be. In any case, Gigabit Ethernet still seems far beyond its capabilities.

ghostghillie07

01-27-2016, 07:36 PM #9

EVGRClutch
Member

245

01-31-2016, 11:38 PM

#10

I understand, when I download files I only reach about 30MB/s with gigabit connections. In PFSSL with top running, OpenVPN uses around 23-24% CPU. I have an i7 4790K that would work fine if I upgraded the power supply, but I’m considering a more powerful one just in case.

EVGRClutch

01-31-2016, 11:38 PM #10

Pages (3): 1 2 3 Next