Does OpenVPN really use IPSec-over-UDP ?

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
alexeypolo
OpenVpn Newbie
Posts: 2
Joined: Wed Jun 01, 2016 11:16 am

Does OpenVPN really use IPSec-over-UDP ?

Post by alexeypolo » Wed Jun 01, 2016 11:25 am

Hello,
I am bringing up a VPN server node, which needs to support both IPSec and TLS/SSL vpns. The IPSec traffic is going to be accelerated with DPDK. Since DPDK works at L2/3, it cannot accelerate higher level traffic (at least not at protocol level). Until today I thought that OpenVPN has no relation to IPSec and a s a result, I will be only be able to accelerate OpenVPN crypto operations (if any).

However, I came across this "Why OpenVPN" documentation: https://openvpn.net/index.php/open-sour ... envpn.html
It says that OpenVPN over UDP actually uses IPSec ESP tunnel !!!
Is this true or is it a typo?
I looked for ipsec in the source repo on github, but didn't find anything that would suggest that IPSec tunnel is actually used.

Appreciate your help!
Alexey

FalconTent
OpenVPN User
Posts: 18
Joined: Fri Sep 12, 2014 3:29 pm

Re: Does OpenVPN really use IPSec-over-UDP ?

Post by FalconTent » Wed Jun 01, 2016 12:47 pm

alexeypolo wrote:It says that OpenVPN over UDP actually uses IPSec ESP tunnel !!!
It actually says:
OpenVPN's security model is based on using SSL/TLS for session authentication and the IPSec ESP protocol for secure tunnel transport over UDP
which I believe means .. the same Idea but not the same protocol.

OpenVPN protocol is not compatible with IPSec protocol .. nor vice-versa ..

Questions regarding IPSec come up from time to time possibly because some of the documentation has not been suitably revised .. due to time constraints of the developers.

Post Reply