Re: Setting up VPN's
On Fri, 16 May 2003, Andre Grueneberg wrote:
> Will FreeS/WAN's user-mode part (aka pluto) be ported to Linux 2.6
> IPSec? Otherwise FreeS/WAN is a dead end, while IPSec is the standard.
No. The FreeSWAN team has made it pretty clean that they do not want to
even risk any possible problem with the US trying to enforce strict
regulations of crypto software (which happened in the past, is NOT
happening now, might happen again in the future, albeit unlikely), hence
they do not want their code base to be "contaminated" by contributions
of any kind by US citizens. For this reason, the IPSec code in the 2.5
kernels (which will become 2.6 in due time) was forked from freeSWAN some
time in the past, and since then diverged, although retaining
compatibility, while the user space daemon was adapted from xBSD's racoon.
In short, present 2.4.x kernels+freeSWAN will be able to interoperate with
the native IPSec implementation in 2.5 and 2.6 kernels, but they will have
different (non-compatible) configuration files etc. It is also quite
possible that the freeSWAN people will port to 2.6 kernels, even while
remaining an external add-on, hence I would not say it is going to be a
dead end.
Bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
Reply to: