I would appreciate comments on some IPSec design issues.

A transportation manufacturer recently requested proposals for a Linux-based system to put Internet and email services on their vehicles. This system would let passengers plug a laptop into the on board network. A number of protocols were specified, including IPSec. They also specified Linux kernel 2.4.x. It seemed to me that they intended IPSec to be used from transportation vehicle to satellite to fixed server. The VP of Technology here has recently discussed using IPSec on board vehicle from web server, email server and file server to passenger seats - typically many hundreds of passengers.

The transportation manufacturer specified:

"The file server will not preclude a user from initiating and completing a supported VPN connection from their user device through the transportation manufacturer network using the IPSec and PPTP protocol, as a minimum. The system should allow the user to switch between IPSec VPN and non-VPN without need of rebooting the laptop. The system will only pass IP based protocols between the laptop passenger interface and the file server. Passenger laptops will be assigned default gateway address via DHCP. The default gateway should reside in the server. The system will by default, route user outbound packets to a configurable gateway."

Is it feasible to support IPSec from a passenger's laptop when implementations of IPSec vary and either ESP or AH modes might be used? If feasible, what performance hit would be involved? I have heard estimates of 40% when encryption is used (mileage may vary, I suppose, based on CPU speed and resources).

I assumed that a "default gateway at the server" implied that the IPSec pipe started or ended there. Since the transportation manufacturer called out other security requirements to the passenger seat, I assumed that IPSec to the seat was not required. Examples of requested security:

"Multiple passengers will not be connected to shared physical media. Laptop users will not be permitted to view packets from another user's network session. Each passenger's laptop's user interface will be isolated to its own link layer subnetwork. The passenger laptop will not be able to access unauthorized IP address. The system will be immune to DoS attacks. The server will ensure that passenger laptop's can only pass packets with that user's assigned IP address."

My main questions are:

1) "Does the transportation manufacturer really want IPSec extended directly to the passenger's laptop?"
2) "Would it even be feasible to automate reconfiguration of IPSec software running on a passenger laptop to avoid compatibility issues?"
3) "What would the performance cost be of running ESP or AH IPSec on a laptop that might also be viewing an MPEG2 movie, web browsing or playing a game?"

I would appreciate any opinions you care to offer. The job you save may be my own.

Thanks,
Ed