[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeswan in Debian, or: Why I am such a bad maintainer

> Wichert Akkerman wrote:
>> As I undertand it Debian kernels now feature the Linux ipsec backport,
>> basically making the kernel-patch-freeswan stuff obsolete. So why not
>> simply just package the freeswan userland to use that? That should be
>> pretty simple.
> Yes, Debian kernels have 26sec backported and thus work with openswan
> userland out-of-the-box (with freeswan-compatible configs). However,
> there are still some issues in the interaction between IPSec tunnels and
>   netfilter (talk to Marc :) ), which need to be sorted out before the
> KLIPS stack will be obsolete (and yes, I'm waiting for that to happen
> since about 2 years, KLIPS is still painful). These issues are slowly
> getting resolved though (finally due to introduction of the RAW table in
> 2.6.7).

The biggest problem with netfilter/native IPsec is lack of documentation. 
I've been able to get the two working together, but last time I looked
there was no official word on it at http://www.netfilter.org

Reply to: