gre-plus-ipsec.md
... ...
@@ -1,13 +1,27 @@
1
-# Why GRE?
1
+# GRE+IPsec
2 2
3
-# Why IPsec?
3
+## Why GRE?
4
+* [GRE](https://en.wikipedia.org/wiki/GRE) provides universal encapsulation on top of IP.
5
+* It has a smaller header than UDP.
6
+* GRE tunnels are processed in-kernel on *nix systems.
7
+* It's supported by hardware routers.
4 8
5
-# Problems with GRE
9
+## Why IPsec?
10
+* GRE provides no encryption and authentication of it's own.
11
+* IPsec in implemented in-kernel on FreeBSD and Linux with multithreaded encryption resulting in a lower latency than userspace VPN daemons using tun/tap interfaces.
6 12
7
-# Problems with IPsec
13
+## Problems with GRE
14
+* GRE is defined directly on top of IP.
15
+* Broken NAPT implementations will stop GRE tunnels.
8 16
9
-# Requirements for sane operation
17
+## Problems with IPsec
18
+* ESP is defined directly on top of IP.
19
+* NAT support was added as an aftertought to IPsec.
20
+* IKEv1 is too complex.
21
+* Racoon has useless error messages.
10 22
11
-# How to configure a GRE tunnel on FreeBSD
23
+## Requirements for sane operation
12 24
13
-# How to configure IPsec on FreeBSD
... ...
\ No newline at end of file
0
+## How to configure a GRE tunnel on FreeBSD
1
+
2
+## How to configure IPsec on FreeBSD
... ...
\ No newline at end of file
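Review bot: Under "## Problems with GRE" and "## Problems with IPsec", the bullets "GRE is defined directly on top of IP." and "ESP is defined directly on top of IP." state a fact without saying why it is a problem. Since the next bullets are about NAPT and NAT, spell out the link: neither protocol carries port numbers, so a port-translating NAT has nothing to multiplex on. Three typos in the added lines should be fixed before merge: "of it's own" should read "of its own", "IPsec in implemented" should read "IPsec is implemented", and "aftertought" should read "afterthought". "IKEv1 is too complex." and "Racoon has useless error messages." would be more useful to a reader with one concrete example each. The link target https://en.wikipedia.org/wiki/GRE is the bare acronym rather than the protocol's own article, so it is worth checking that it resolves to Generic Routing Encapsulation. "## Requirements for sane operation" and both "How to configure ..." headings are still empty, so either add a placeholder line marking them as to-do or leave them out until there is content. The file also still ends without a trailing newline.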