|
|
James Yonan wrote: In general, crypto accelerators focus on symmetric encryption (AES or Triple-DES), secure hashes (SHA-x), and random number generation. This will accelerate the encrypted "conversation" that occurs after initial authentication, but not necessarily the authentication process itself. Thanks. So OpenVPN will benefit from hardware encryption with static keys on connection setup where it will not benefit when using PKI. My servers cost much less than E600, but then I have to pay for them I''m thinking of going one better. I probably can get a set of IPs from a /24 (one would be enough for OpenVPN but I need more for other reasons). Use RIP or OSPF and IPIP to tunnel that to home over two consumer DSL connections. That way the IPs I get from the /24 are always routed to my home. I'll use linux-ha to make stuff fail-over, so my incoming connections always get routed to a live box. I'll probably run into mtu issues, but I'll tackle that as it occurs. I already have ran with an artificially lowered mtu some time ago to investigate pmtu blackholes, so I know what I'm up against, I just still don't completely understand OpenVPN combined with LZO compression and fragmentation. What happens when I send full size packets over a VPN link? Does fragmentation happen and when? Maybe there is something worthwhile to be said about this on the site? Now to find time to set it up..... :-( M4 Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-03/msg00073.html on line 220 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-03/msg00073.html on line 220 |