Re: Freeswan in Debian, or: Why I am such a bad maintainer

To: Wichert Akkerman <wichert@wiggy.net>
Cc: Bastian Blank <waldi@debian.org>, Dominique Kaiser <dommi_s1@gmx.net>, Giacomo Mulas <gmulas@ca.astro.it>, Steven Augart <augart@watson.ibm.com>, Lupe Christoph <lupe@lupe-christoph.de>, Anthony DeRobertis <anthony@derobert.net>, Andrew Pimlott <pimlott@idiomtech.com>, herbert@gondor.apana.org.au, Alexander Hvostov <alex@aoi.dyndns.org>, Daniel Pocock <daniel@pocock.com.au>, Russell Stuart <russell-debian-bug@stuart.id.au>, dalhagen@tele-net.net, Christoph Martin <martin@uni-mainz.de>, Alexei Ustyuzhaninov <alust@UralskyGSM.com>, Marc Haber <mh+debian-bugs@zugschlus.de>, Jason Spence <jspence@lightconsulting.com>, Mike Fedyk <mfedyk@matchmail.com>, Luca Fornasari <luca.fornasari@easybit.it>, Torsten Knodt <tk-debian@datas-world.de>, Christian Perrier <bubulle@debian.org>, Luk Claes <luk.claes@ugent.be>, debian-devel@lists.debian.org, Nate Carlson <natecars@natecarlson.com>
Subject: Re: Freeswan in Debian, or: Why I am such a bad maintainer
From: Rene Mayrhofer <rene.mayrhofer@gibraltar.at>
Date: Mon, 28 Jun 2004 15:17:00 +0200
Message-id: <[🔎] 40E01A4C.90107@gibraltar.at>
In-reply-to: <[🔎] 20040628130629.GB9561@wiggy.net>
References: <[🔎] 40E00DDA.3040807@gibraltar.at> <[🔎] 20040628130629.GB9561@wiggy.net>

Wichert Akkerman wrote:

As I undertand it Debian kernels now feature the Linux ipsec backport,
basically making the kernel-patch-freeswan stuff obsolete. So why not
simply just package the freeswan userland to use that? That should be
pretty simple.

Yes, Debian kernels have 26sec backported and thus work with openswanuserland out-of-the-box (with freeswan-compatible configs). However,there are still some issues in the interaction between IPSec tunnels andnetfilter (talk to Marc :) ), which need to be sorted out before theKLIPS stack will be obsolete (and yes, I'm waiting for that to happensince about 2 years, KLIPS is still painful). These issues are slowlygetting resolved though (finally due to introduction of the RAW table in2.6.7).

Unfortunately, openswan currently does not have the alg patch and thus
no AES etc.



3des is still the preferred algorithm so I don't see that being a real
problem.

Giacomo reported that AES is necessary for him. I am currently trying toget some info from the openswan maintainers on when it might be ready.


best regards,
Rene

Reply to:

Follow-Ups:
- Re: Freeswan in Debian, or: Why I am such a bad maintainer
  - From: "Daniel Pocock" <daniel@pocock.com.au>

References:
- Freeswan in Debian, or: Why I am such a bad maintainer
  - From: Rene Mayrhofer <rene.mayrhofer@gibraltar.at>
- Re: Freeswan in Debian, or: Why I am such a bad maintainer
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: Freeswan in Debian, or: Why I am such a bad maintainer
Next by Date: Re: [RANT] French translation for debconf templates stucked at 90% : analysis
Previous by thread: Re: Freeswan in Debian, or: Why I am such a bad maintainer
Next by thread: Re: Freeswan in Debian, or: Why I am such a bad maintainer
Index(es):
- Date
- Thread