Re: Freeswan in Debian, or: Why I am such a bad maintainer
- To: "Rene Mayrhofer" <rene.mayrhofer@gibraltar.at>
- Cc: "Wichert Akkerman" <wichert@wiggy.net>, "Bastian Blank " <waldi@debian.org>, "Dominique Kaiser " <dommi_s1@gmx.net>, "Giacomo Mulas " <gmulas@ca.astro.it>, "Steven Augart " <augart@watson.ibm.com>, "Lupe Christoph " <lupe@lupe-christoph.de>, "Anthony DeRobertis " <anthony@derobert.net>, "Andrew Pimlott " <pimlott@idiomtech.com>, herbert@gondor.apana.org.au, "Alexander Hvostov " <alex@aoi.dyndns.org>, "Daniel Pocock " <daniel@pocock.com.au>, "Russell Stuart " <russell-debian-bug@stuart.id.au>, dalhagen@tele-net.net, "Christoph Martin " <martin@uni-mainz.de>, "Alexei Ustyuzhaninov " <alust@uralskygsm.com>, "Marc Haber " <mh+debian-bugs@zugschlus.de>, "Jason Spence " <jspence@lightconsulting.com>, "Mike Fedyk " <mfedyk@matchmail.com>, "Luca Fornasari " <luca.fornasari@easybit.it>, "Torsten Knodt " <tk-debian@datas-world.de>, "Christian Perrier " <bubulle@debian.org>, "Luk Claes " <luk.claes@ugent.be>, debian-devel@lists.debian.org, "Nate Carlson" <natecars@natecarlson.com>
- Subject: Re: Freeswan in Debian, or: Why I am such a bad maintainer
- From: "Daniel Pocock" <daniel@pocock.com.au>
- Date: Mon, 28 Jun 2004 14:32:58 +0100 (BST)
- Message-id: <[🔎] 32925.213.228.220.45.1088429578.squirrel@secure.trendhosting.net>
- In-reply-to: <[🔎] 40E01A4C.90107@gibraltar.at>
- References: <[🔎] 40E00DDA.3040807@gibraltar.at> <[🔎] 20040628130629.GB9561@wiggy.net> <[🔎] 40E01A4C.90107@gibraltar.at>
> Wichert Akkerman wrote:
>> As I undertand it Debian kernels now feature the Linux ipsec backport,
>> basically making the kernel-patch-freeswan stuff obsolete. So why not
>> simply just package the freeswan userland to use that? That should be
>> pretty simple.
> Yes, Debian kernels have 26sec backported and thus work with openswan
> userland out-of-the-box (with freeswan-compatible configs). However,
> there are still some issues in the interaction between IPSec tunnels and
> netfilter (talk to Marc :) ), which need to be sorted out before the
> KLIPS stack will be obsolete (and yes, I'm waiting for that to happen
> since about 2 years, KLIPS is still painful). These issues are slowly
> getting resolved though (finally due to introduction of the RAW table in
> 2.6.7).
>
The biggest problem with netfilter/native IPsec is lack of documentation.
I've been able to get the two working together, but last time I looked
there was no official word on it at http://www.netfilter.org
Reply to: