
Re: Freeswan in Debian, or: Why I am such a bad maintainer



* Marc Haber:

> On Mon, Jun 28, 2004 at 03:06:29PM +0200, Wichert Akkerman wrote:
>> As I understand it Debian kernels now feature the Linux ipsec backport,
>> basically making the kernel-patch-freeswan stuff obsolete. So why not
>> simply just package the freeswan userland to use that? That should be
>> pretty simple.
>
> Linux 2.6 ipsec sucks, because it makes packet filtering much harder
> and more complicated, and debugging nearly impossible because you
> don't see the unencrypted packet with tcpdump.

This model fits better to ESP Transport Mode, though.

Does anybody know if Transport Mode is here to stay (say, in
OpenSwan), or if it will go away?  It's rather convenient because you
don't have to assign another set of IP addresses to all servers.


