1st July 2009
s2scott

Quote:
Originally Posted by jggimi
IPSec is more efficient than OpenVPN on the network.

Actually, I found that when you correctly tune the max MSS/MTU sizes and a couple of other tweakable params, OpenVPN outperformed its alternatives.

That said ... I've blown my brains out with IPSec in mixed O/S topologies. Hence, once it was working, I didn't have and couldn't spend a lot of time tweaking and tuning. Also, shrew.net has evolved over time; therefore, while my experience is true at that point in time, it may not be true today and by another's (i.e. IPSec guru's) hand.

Architecturally speaking, OpenVPN's potential performance ceiling is that it is a userland app (thunking through pseudo TUN/TAP devices) vs. IPSec being an in-kernel thing. While being a critique factor, I haven't found it to be a critical factor.

/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.