[114498] in cryptography@c2.net mail archive
Re: Gutmann Soundwave Therapy
daemon@ATHENA.MIT.EDU (Guus Sliepen)
Sat Feb 2 12:56:56 2008
Date: Sat, 2 Feb 2008 13:13:02 +0100
From: Guus Sliepen <guus@sliepen.org>
To: Cryptography <cryptography@metzdowd.com>
Cc: Sandy Harris <sandyinchina@gmail.com>
Mail-Followup-To: Guus Sliepen <guus@sliepen.org>,
Cryptography <cryptography@metzdowd.com>,
Sandy Harris <sandyinchina@gmail.com>
In-Reply-To: <c5528eee0801312251i4ddec5d5v4aea1e7713fd010@mail.gmail.com>
On Fri, Feb 01, 2008 at 02:51:36PM +0800, Sandy Harris wrote:
> What I don't understand is why you think tinc is necessary,
> or even worth the trouble.
>
> IPsec is readily available -- built into Windows, Mac OS
> and various routers, and with implementations for Linux
> and all the *BSDs -- has had quite a bit of expert
> security analysis, and handles VPNs just fine.
>
> Does tinc do something that IPsec cannot?
Yes, there are a few reasons why people use tinc instead of IPsec. Those
people who tried both tell me tinc is much easier to set up. Tinc
tunnels over UDP and/or TCP. This allows it to work in situations where
IPsec would not, for example behind (masquerading) firewalls. Tinc does
not need fixed IP addresses at endpoints; endpoints can have more than
one IP address, or hostnames, so it even works when one has dynamic DNS.
With tinc, you can set up VPNs with more than 2 nodes, not by
configuring more tunnels, but just by specifying endpoints. Tinc itself
will handle the packet routing. It tries to set up a full mesh, but it
has a built-in routing protocol, not unlike OSPF, that can route packets
via intermediate nodes if that is necessary. As a side effect it
provides some redundancy.
-- 
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@sliepen.org>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com