[Openswan dev] [PATCH 0/2] ESP_NULL support for openswan-2.4.6
mcr at xelerance.com
Mon Sep 25 12:59:50 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "JuanJo" == JuanJo Ciarlante <jjo-ipsec at mendoza.gov.ar> writes:
JuanJo> It's been a looong time... nice to actually have something to
JuanJo> contribute again :-)
JuanJo> I made this patch for a coleague with the following scenario:
JuanJo> 1) VoIP streams inside VPN (asterisks with private addressing)
JuanJo> 2) Deployment migrating from openswan-1.x to openswan-2.x
JuanJo> They were tunneling voip streams over esp=null-md5 SAs with
JuanJo> BW usage between ~44-48kbps.
While I'm not a fan of the non-standard nature of IAX2, I do
understand the need for trunking. May I ask if this was SIP or IAX2?
JuanJo> This is the main reason for ESP_NULL; with any current CBC cipher
JuanJo> the ~12bytes space added (8 for IV + 4 statistically for padding)
JuanJo> happens to be quite relevant for the ~90bytes VoIP datagram.
I can understand this... I will accept your patches, if you'll write
the test cases for them.
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev