From ae53aeaaebadeaf8ab4912c4fe79b3c722173779 Mon Sep 17 00:00:00 2001 From: gollum Date: Wed, 2 Jan 2013 21:49:44 +0100 Subject: [PATCH] Updated gre-plus-ipsec (markdown) --- gre-plus-ipsec.md | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/gre-plus-ipsec.md b/gre-plus-ipsec.md index ba1e750..f8fda84 100644 --- a/gre-plus-ipsec.md +++ b/gre-plus-ipsec.md @@ -1,13 +1,27 @@ -# Why GRE? +# GRE+IPsec -# Why IPsec? +## Why GRE? +* [GRE](https://en.wikipedia.org/wiki/GRE) provides universal encapsulation on top of IP. +* It has a smaller header than UDP. +* GRE tunnels are processed in-kernel on *nix systems. +* It's supported by hardware routers. -# Problems with GRE +## Why IPsec? +* GRE provides no encryption and authentication of it's own. +* IPsec in implemented in-kernel on FreeBSD and Linux with multithreaded encryption resulting in a lower latency than userspace VPN daemons using tun/tap interfaces. -# Problems with IPsec +## Problems with GRE +* GRE is defined directly on top of IP. +* Broken NAPT implementations will stop GRE tunnels. -# Requirements for sane operation +## Problems with IPsec +* ESP is defined directly on top of IP. +* NAT support was added as an aftertought to IPsec. +* IKEv1 is too complex. +* Racoon has useless error messages. -# How to configure a GRE tunnel on FreeBSD +## Requirements for sane operation -# How to configure IPsec on FreeBSD \ No newline at end of file +## How to configure a GRE tunnel on FreeBSD + +## How to configure IPsec on FreeBSD \ No newline at end of file
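Review bot: In the added "Problems with GRE" and "Problems with IPsec" lists, the bullets "GRE is defined directly on top of IP." and "ESP is defined directly on top of IP." state a property without saying why it is a problem. Spell out what breaks; the neighbouring NAPT and NAT bullets suggest it is address translation, but the reader should not have to infer that. Three added lines also need spelling fixes: "of it's own" should be "of its own", "IPsec in implemented" should be "IPsec is implemented", and "aftertought" should be "afterthought". "IKEv1 is too complex." and "Racoon has useless error messages." would be more useful with a word on what the reader should do about them. The "Requirements for sane operation" heading and both "How to configure ..." headings are still empty after this change, and the file still ends without a trailing newline.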