
Re: Freeswan in Debian, or: Why I am such a bad maintainer

Previously Rene Mayrhofer wrote:
> Although I am a lot happier with the freeswan package now than I have
> been a year ago (it works at least out-of-the-box with standard Debian
> kernels, which is good(TM)), I am still unable to fix all possible
> combinations of freeswan and kernels.

As I understand it, Debian kernels now feature the Linux ipsec backport,
basically making the kernel-patch-freeswan stuff obsolete. So why not
simply just package the freeswan userland to use that? That should be
pretty simple.

> 3. Drop freeswan from Debian. As some might already guess, this is my 
> preferred solution. Why ? We already have openswan and at the current 
> state of development, I see no reason to support both. openswan is a 
> direct spin-off of freeswan and is based on the current 2.04 freeswan 
> code base.

Ah, if we already have OpenSwan dropping freeswan definitely seems a
good idea.

> Unfortunately, openswan currently does not have the alg patch and thus
> no AES etc.

3des is still the preferred algorithm so I don't see that being a real

> So I would like to hear from current freeswan users if they could switch 
> to openswan right now and if not, what is missing. freeswan is dead, we 
> need to face it.

I actually stopped using freeswan quite some time ago; I'm currently
using Linux 2.6 boxes with static keying. For critical stuff I'm not
even using Linux, I don't quite trust the ipsec support enough at the


Wichert Akkerman <wichert@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
