[hipl-users] Re: Trying to understand OpenVPN instructions

  • From: Miika Komu <miika.komu@xxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 31 Mar 2009 14:58:33 +0300

Robert Moskowitz wrote:

Hi,

A HIP and OpenVPN tunnel have roughly the same throughput. It is even possible to run HIP inside the OpenVPN tunnel, even though this seems to halve the throughput at least without any optimizations.

What is a HIP tunnel?

BEET SA.

So this is not a well worded comparison. BEET packets are smaller than OpenVPN packets? In congested networks this may make a difference?

Running HIP-over-VPN has redundant crypto and smaller MTU. This halves the throughput. Please suggest how to rephrase?

Can you configure OpenVPN to use LSIs?

I think the OpenVPN experiments were done using HITs.

Oh? I have never seen any documentation that OpenVPN supports IPv6. Can it do 6 over 6? 4 over 6? I have only seen 4 over 4.

AFAIK, the tunnel was created using HITs as inner addresses and VPN IPv4 virtual addresses as outer addresses.

Does this make sense?

According to Samu, there's htun (with proprietary crypto) and vtun as alternatives to OpenVPN. Particularly, tinc might be a good candidate.

Are you talking about plugging HIP over VPN or vice versa?

I need classic VPN capability over HIP in limited cases. Either I am on the road and need to access non-HIP systems within my home network (IPv6 or v4, I currently use SSH and want to use HIP instead), or I want to reach external non-HIP systems via a HIP mid-box and hide my internal address (use an address on the mid-box).


LSIs are implemented using raw sockets and iptables. I can imagine that there could be problems, but you never know for sure until you try.

I just thought LSIs for mobility if the VPN only supports IPv4 for the outer addressing.




