Has anyone installed Openswan for an IPsec tunnel? Everything seems to be confugred correctly but maybe there are some kernel issues. Is there something we have to do before installing Openswan?

We have also the option of using racoon, but we face the same problem.

Looking forward to hearing from you.

If all you need is a tunnel between two machines you control, I'd recommend OpenVPN (http://openvpn.net/). Well documented, and no kernel stuff to mess with.

_________________
The irony is that Bill Gates claims to be making a stable operating system and Linus Torvalds claims to be trying to take over the world.
-- seen on the net

I use both Racoon for site-to-site tunneling and OpenVPN for road-warrior vpn (although I wouldn't discourage anyone from using OpenVPN for site-to-site either).

What particular problems are you concerned with? I don't know what you mean by "we face the same problem."

IPSec requires a set of kernel modules to be loaded or built in, but outside of that you don't really need to do anything to the kernel; it's just daemon configuration like any other server after that.

I'm afraid I haven't used Openswan, so I'm probably not very useful with that particular setup.

I've been using OpenVPN for road-warrior's for a while and I have noticed that the TAP Adapter v9 (installed by OpenVPN on a Windows client) has a 10MB/s Interface.

I've also found that on a 1Gbps LAN it maxes out the this 10MB's VPN link and doesn't go above this when transfering data.

Has anyone found a way to increase this TAP interface size?

Cheers,

Rich.