[Cryptography] WireGuard

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 6 07:40:30 EDT 2018


paulv <metzdowd at bikkel.org> writes:

>For anybody wondering why this is the case, I would recommend to this person
>that they try to set up a really simple VPN connection between say .. a Mac,
>and a Linux system on the net. The first thing you will discover is that if
>the product and the settings at both sides are not *exactly* the same, then
>you're in for an afternoon of debugging with tcpdump/wireshark.

That's a pretty accurate description of IPsec as seen by the typical sysadmin.
To establish an IPsec connection between two endpoints, you typically need
three instances of IPsec, one for endpoint A, one for endpoint B, and
OpenSWAN/Libreswan/whatever in debug mode to tell you why the other two can't
talk to each other.

>IPsec seems to be created for the ideal network administrator living in an
>ideal world managing an ideal network.

IPsec's ideal runtime environment is a PowerPoint slide projector.  On
anything else, it's less than ideal.

Peter.

