Re: An IPsec tunnel implementation for Linux using CryptoAPI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hello!

On Wed, 2002-04-24 at 00:17, Tobias Ringstrom wrote:
> A little bit off-topic perhaps, but I'd like to congratulate you all on an
> extremely useable piece of software!  When I decicided to make a
> light-weight IPsec tunnel implementation some time ago I decided very
> early on to use your CryptoAPI, and found it really easy to use.
> 
> I now have a version of my IPsec tunnel implementation that seems to work
> just fine, and I think it's time to let you guys have a peek at it.  You
> can find the code and a first stab at actual documentation at
> 
> 	http://ringstrom.mine.nu/ipsec_tunnel/
> 
> Please remeber that this is an early version, and I do not guarantee
> anything.  It does seem to interoperate with OpenBSD's IPsec though, and I
> have been using it for several weeks myself.
> 
> And yes, I've heard about FreeS/WAN...  :-)
> 
> I'm interested in any comments or questions!

I decided to CC this reply to the lkml, since IMO more people should
know about this implementation of yours.

I've taken a quick look at your webpage and the source code itself...
one thing I saw is, that your implementation doesn't require any
modification to the main kernel -- i.e. no patching required -- it's a
plugin... just like CIPE... (which btw uses cryptoapi as well in its
latest code base)
(thus you don't even need to reboot your system in order to enable
lightweight IPSEC in your kernel...)
-- this fits well with the cryptoapi, which can add modular crypto
support without needing to patch or reboot your kernel...

I think, some people will like this lightweight IPSEC/IPv4
implementation, since it doesn't have the eroute/route-filtering
facility of frees/wan... 

on the other hand, it's not a complete IPSEC implementation (yet)... it
only implements ESP for tunneling purposes, and lacks AH and IKE....
and frees/wan offers some advanced features like compression and icmp
handling, which ipsec_tunnel may still lack...

regards,
-- 
Herbert Valerio Riedel       /    Phone: (EUROPE) +43-1-58801-18840
Email: hvr@hvrlab.org       /    Finger hvr@gnu.org for GnuPG Public Key
GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748  5F65 4981 E064 883F
4142

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]
  Powered by Linux