[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ssh tunnels vs. ipsec tunnels


  This isn't an OpenBSD specific question and I apologize, but I was
asked what are the pros and cons of using ssh tunnels in contrast of
ipsec tunnels? Except for the obvious things: ssh is layer 7 and ipsec
is layer 3. ssh only tunnels tcp while ipsec tunnels everything at its
entry point. ipsec is transparent to the layers above while ssh isn't.
 ssh has less overhead while ipsec has a higher overhead. But what
about authentication/vulnerability of the protocol to attacks? Load on
the OS? Authentication options? Configuration (and especially how easy
is to misconfiguration it to create a weak point)? Any other thing I
didn't think of?