I'm not trying to set up a VPN. I want to secure TCP sessions between services that might be implemented in either user-mode or as kernel daemons. If it weren't for the kernel requirement, TLS would probably suffice.
First target would be Linux; pointers to any example code in user or kernel mode would be dandy if there are any.
All the existing examples I've found are about creating VPNs and use a bunch of static configuration in protected directories, all of which I'd like to avoid. I imagine I'd be looking at setsockopt things to define keys before listening and connecting, but have so far found nothing.
The main difference between IPsec and SSL VPNs is the endpoints for each protocol. While an IPsec VPN allows users to connect remotely to an entire network and all its applications, SSL VPNs give users remote tunneling access to a specific system or application on the network.
When it comes to corporate VPNs that provide access to a company network rather than the internet, the general consensus is that IPsec is preferable for site-to-site VPNs, and SSL is better for remote access.
In other words, IPsec VPNs connect hosts or networks to a protected private network, while SSL/TLS VPNs securely connect a user's application session to services inside a protected network. IPsec VPNs can support all IP-based applications. To an application, an IPsec VPN looks just like any other IP network.
IPsec and SSL/TLS function at different layers of the OSI model, but both can be used for VPNs.
A VPN will just offer you a secure tunnel for your communication; this also comes at the price of a slow connection or overhead. If you are looking at IPsec, beware that programmatically trying to get a secure and changing IP itself comes with the same price of large overhead for communication. It is important to know what your specific need is. If you are not bothered about overhead or extra cost, you can definitely go ahead and do IPsec at the network layer. But if you are worried about performance issues or you want less overhead in your communication, SSL/TLS is better for offering you the desired security.