From: Olivier Cochard-Labbé
Date: Fri, 30 Nov 2018 13:34:50 +0100
Subject: Re: IPsec: is it possible to encrypt transit traffic in transport mode?
To: lev@freebsd.org
Cc: eugen@grosbein.net, freebsd-net@freebsd.org

On Fri, Nov 30, 2018 at 1:05 PM Lev Serebryakov wrote:

> I'm benchmarking different possible "native" VPN configurations and I have
> gif(4) and gre(4) with and without IPsec in my battery. I have tunnel mode
> IPsec too. Problem with gif(4) and gre(4) is that they are tremendously
> expensive, and could be more expensive than IPsec itself on CPUs with
> AES-NI.
>
> So, this configuration is impossible, I understand. Nothing to benchmark :-)

And what about using IPsec VTI (virtual tunneling interface) mode: if_ipsec(4)?