Quote:
Originally Posted by jggimi
IPSec is more efficient than OpenVPN on the network.
|
Actually, I found that when you correctly tune the max MSS/MTU sizes and a couple of other tweekable params, OpenVPN outperformed it's alternatives.
That said ... I've blown my brains out with IPSec in mixed O/S topologies. Hence, once it was working, I didn't have and couldn't spend a lot of time tweeking and tuning. Also, shrew.net has evolved over time; therefore, while my experience is true at that point in time, it may not be true today and by another's (i.e. IPSec guru's) hand.
Architecturally speaking, OpenVPN's potential performance ceiling is that it is a userland app (thunking through pseudo TUN/TAP devices vs. IPSec being an in-kernel thing. While being a critique factor, I haven't found it to be a critical factor.
/S