Updated gre-plus-ipsec (markdown)

2024-12-01 14:58:11 +01:00 · 2013-01-02 21:49:44 +01:00 · 2013-01-02 21:49:44 +01:00 · ae53aeaaeb
commit ae53aeaaeb
parent 04b85e84e1
1 changed files with 21 additions and 7 deletions
--- a/gre-plus-ipsec.md
+++ b/gre-plus-ipsec.md
@ -1,13 +1,27 @@
-# Why GRE?
+# GRE+IPsec

-# Why IPsec?
+## Why GRE?
+* [GRE](https://en.wikipedia.org/wiki/GRE) provides universal encapsulation on top of IP.
+* It has a smaller header than UDP.
+* GRE tunnels are processed in-kernel on *nix systems.
+* It's supported by hardware routers.

-# Problems with GRE
+## Why IPsec?
+* GRE provides no encryption and authentication of it's own.
+* IPsec in implemented in-kernel on FreeBSD and Linux with multithreaded encryption resulting in a lower latency than userspace VPN daemons using tun/tap interfaces.

-# Problems with IPsec
+## Problems with GRE
+* GRE is defined directly on top of IP.
+* Broken NAPT implementations will stop GRE tunnels.

-# Requirements for sane operation
+## Problems with IPsec
+* ESP is defined directly on top of IP.
+* NAT support was added as an aftertought to IPsec.
+* IKEv1 is too complex.
+* Racoon has useless error messages.

-# How to configure a GRE tunnel on FreeBSD
+## Requirements for sane operation

-# How to configure IPsec on FreeBSD
+## How to configure a GRE tunnel on FreeBSD
+
+## How to configure IPsec on FreeBSD