
Re: Freeswan in Debian, or: Why I am such a bad maintainer

On Mon, 28 Jun 2004, Marc Haber wrote:
> Linux 2.6 ipsec sucks, because it makes packet filtering much harder and
> more complicated, and debugging nearly impossible because you don't see
> the unencrypted packet with tcpdump.

26sec (the 2.6 stack) also makes NAT'ing connections behind an IPSec peer 
more difficult, too.

Apparently, there are new patches for Netfilter in the pom that are
supposed to help; I haven't yet had a chance to try them, though.

I'm still running KLIPS for now, even on 2.6. I miss my ipsec interfaces
with 26sec.  :)

| nate carlson | natecars@natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
