[Babel-users] tunnels

[StarBrilliant]

On Sat, Oct 13, 2018 at 3:02 PM Dave Taht <dave.taht at gmail.com> wrote:
>
> I keep seeing people talk about running tunnels via babel. Is there a howto
> about how to do it? With wireguard? ipsec ? ssh? Or ?
>
> My use case would probably be:
>
> ipv4 - ipv6 ------------------------------------------
>           gw - interior router - more routers -> AP - ipv4
>

Hi,

Wireguard is a good, fast, secure choice if your device supports it.
(Plain Linux / OpenWRT / VyOS have good support.)

IPsec can be very secure but most people don't know how to configure
it securely, so many real-world IPsec tunnels end up with insecure
3DES-SHA1 cipher. Therefore I don't recommend IPsec unless your device
only supports it, or you know how to turn on AEAD + PFS.

SSH is bad for tunneling because it runs on top of a single TCP
connection which is prone to packet-loss or unstable network
conditions, resulting in unbearable speed most of the time.

I have been working on a mesh tunnel (> 3 nodes) generator named
VxWireguard-Generator [1]. Babeld is supported by this project.

When you run Babeld on tunneled networks, remember to turn on RTT
measurement in babeld.conf.

Best regards,
StarBrilliant

[1]: https://github.com/m13253/VxWireguard-Generator