Re: performance of TIS Gauntlet

[James Croall <jcroall () foo org>]

> > BTW i know some people who run Gauntlet on free unices ({Free|Open|Net}BSD,
> > can't remember which ones) and so cut off the O/S cost.. They can't use
> > the features provided by kernel patches but they say they do not need it.

> Not possible. Gauntlet requires kernel changes that haven't been ported
> to any of the operating systems you mention.

I'm not too familiar with the kernel changes in the Gauntlet kernel, but
as far as I can tell it uses swIPe to provide the VPN support. swIPe has
been ported to NetBSD and FreeBSD, and could be ported to some of the
other BSD unices out there. Of course, you can always drop in your
favourite IPsec implementation and have even stronger encryption.

The only other serious kernel modification that I know of is the code to
provide transparent proxy support, and there are patches available to
add this to the various 4.4BSD unices out there.

Although if you're this die-hard about doing it yourself..

- James