Re: [Openvpn-users] VPN without encryption and auth
Hi, On Wed, Aug 02, 2017 at 02:37:00PM +0200, David Sommerseth wrote: > To me, it sounds more like you just need an IPIP tunnel. Something > which shouldn't be too hard to achieve with iproute2, which would then > give the least overhead. "ipip tunnel with user authentication, so the client side IP can vary without having to reconfigure anything" is, basically, what OpenVPN with --encryption none will give you... So I can see the use case :-) - people used to do that with PPTP or L2TP, and especially the latter is fairly complicated to set up under Linux. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] VPN without encryption and auth
Disabling that all? You might as wel simply use GRE, ip4-in-ip4 See LARTC From: Abi Askushi [mailto:rightkickt...@gmail.com] Sent: woensdag 2 augustus 2017 13:42 To: openvpn users list (openvpn-users@lists.sourceforge.net) Subject: [Openvpn-users] VPN without encryption and auth Hi All, I am considering to setup OpenVPN without encryption and packet authorization, as a way to lower the VPN overhead, by using the following directives: cipher none auth none Apart from having the tunneled traffic on the clear, since now it will not be encrypted, what other implications are there for going like this? My main concern for this setup is not the encryption, but low overhead. FYI, when testing standard VPN setup, with AES-128-CBC cipher and auth enabled, + lzo compression, I was receiving 14 - 18% VPN overhead on top the total udp traffic observed on WAN. When disabling encryption and auth, I received 6% overhead. Thanx in advance for your feedback. Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] VPN without encryption and auth
On 02/08/17 13:41, Abi Askushi wrote: > Hi All, > > I am considering to setup OpenVPN without encryption and packet > authorization, as a way to lower the VPN overhead, by using the > following directives: > > cipher none > auth none > > Apart from having the tunneled traffic on the clear, since now it will > not be encrypted, what other implications are there for going like this? > > My main concern for this setup is not the encryption, but low overhead. > > FYI, when testing standard VPN setup, with AES-128-CBC cipher and auth > enabled, + lzo compression, I was receiving 14 - 18% VPN overhead on top > the total udp traffic observed on WAN. When disabling encryption and > auth, I received 6% overhead. > > Thanx in advance for your feedback. Configuring OpenVPN without encryption is a peculiar use case I've seldom quite understood, except if you're doing some research on various crypto or network related scenarios. For production need, there are far better solutions. It's almost like having an Aston Martin DB9 and not wanting to turn on the engine because you want to let it roll downhill on the road by itself. Probably a fun experience, but is it useful? To me, it sounds more like you just need an IPIP tunnel. Something which shouldn't be too hard to achieve with iproute2, which would then give the least overhead. -- kind regards, David Sommerseth signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
[Openvpn-users] VPN without encryption and auth
Hi All, I am considering to setup OpenVPN without encryption and packet authorization, as a way to lower the VPN overhead, by using the following directives: cipher none auth none Apart from having the tunneled traffic on the clear, since now it will not be encrypted, what other implications are there for going like this? My main concern for this setup is not the encryption, but low overhead. FYI, when testing standard VPN setup, with AES-128-CBC cipher and auth enabled, + lzo compression, I was receiving 14 - 18% VPN overhead on top the total udp traffic observed on WAN. When disabling encryption and auth, I received 6% overhead. Thanx in advance for your feedback. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users