[ale] Putting wifi in the house

James P. Kinney III jkinney at localnetsolutions.com
Tue Jan 31 21:19:11 EST 2006


On Wed, 2006-02-01 at 01:38 +0000, hbbs at comcast.net wrote:
> Wresting the thread back on topic...
> 
> Do I understand that IPsec is not for the CPU-challenged?  Is a K7/700 w/128MB and no X over/underkill?
> 
> Jeff

Depends on the client load (assuming thats your proposed head end). Many
commercial Firewall system with VPN have substantially weaker cpu's and
can handle 10 simultaneous VPN clients.

Since you are looking at 2-3 laptops hitting that K7 for VPN traffic,
you _should_ have no trouble. 

Like ssh, IPSEC uses a PKI system to initiate a connection (very compute
intensive) then passes over a key for a 2-way cipher that can
encrypt/decrypt quickly and enforces frequent key changes. I know the
initial key exchange happens through the PKI transmission process. I'm
pretty sure the following key changes do as well. So even if someone
sniffs data and brute forces a key for a sequence of packets, they can't
get the key for the next sequence from that brute force event.

-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part




More information about the Ale mailing list