[zeromq-dev] Securing ZeroMQ traffic with IPSec

Benjamin Henrion bh at udev.org
Fri Apr 6 15:05:08 CEST 2012


On Fri, Apr 6, 2012 at 2:53 PM,  <Jonathan.Meran at schneider-electric.com> wrote:
> Hello,
>
> Does anyone have experience using IPSec to secure ZMQ traffic? I take it
> this is the recommended security protocol to use since SSL is not an
> optional sockets layer for ZMQ? Any type of guidance or lessons learned
> would be much appreciated.

>From my own experience, IPsec is the worst VPN pseudo-standard,
especially if you rely on difference appliances trying to communicate
to each other.

Prefer something like OpenVPN, or even Tinc.

I maintain a Tinc VPN with 50 machines pointing to one box, works like
a charm for many months.

--
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-3500762
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."



More information about the zeromq-dev mailing list