[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: VPN + Roadwarrior



also sprach Noah L. Meyerhans <noahm@debian.org> [2002.12.12.1656 +0100]:
> On Thu, Dec 12, 2002 at 09:39:27AM -0500, Phillip Hofmeister wrote:
> > If you implement IPSec, my experience (as of 6 months ago) with IPSec is
> > that it works great, as long as you use the same implementation on all
> > host.
> 
> I don't really agree with that.  I have used several different IPsec
> implementations and interoperated successfully.

me too. i've had all of freeswan, native 2.5, cisco, sonicwall, nokia,
check point, *BSD and win2k interoperate. it wasn't always easy
(especially windoze, check point and cisco), but it works.

> www.freeswan.org has quite a bit of interoperability documentation.

this site has very good documentation in general. but it takes time.
no expert reference.

> Basically, the only difficulties come from the fact that the Internet
> Key Exchange (IKE) protocol, defined in RFC 2409, has so damn many
> configurable parameters that it's easy to missconfigure it.  Since there
> isn't (and probably won't ever be) a standard set of defaults, this can
> get confusing.

it's getting there... ISAKMP/Oakley...

-- 
Please do not CC me! Get a proper mailer instead: www.mutt.org
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
NOTE: The public PGP keyservers are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc

Attachment: pgpOndd6XVXE6.pgp
Description: PGP signature


Reply to: