Hi, Here's another recurring topic about something pretty much broken all over the place, but that IMHO should be as easy to configure as possible, and as fast as possible to get working. No, not ACPI :-) Virtual Private Networks! ;-) Until now, I had only once the need to configure a VPN, between only 3 points, and all went pretty well between Red Hat Linux 7.3 and 9 servers using cipe, as that was the included alternative at the time. I kind of liked having cipcb interfaces show up as P-t-P and do all my routing over that, and must say I got used to it enough to be really confused when I had to consider setting up VPNs with Fedora Core... The first thing I tried, as I have to interoperate with the existing VPN was to add CIPE support to a Fedora Core system... after many oopses and kernel panics, I gave up and decided to move on to checking out IPSec, which I hadn't done in a long time! To my great surprise, no more (super)freeswan.org/.ca mess with/without x509 certificates, it's now all in openswan, which is part of Fedora Core, "great" I thought! But then I went digging... I found out how broken the config parser was, also how easy it was to "cut the branch I was sitting on"... and how hard it was to debug. Then I tried to figure the link between ipsec-tools and openswan (which Requires: them...), and I must say that I still can't find any. They seem to be both two parallel userspace sets of tools that use the same kernel crypto layer to operate... and after following the nice howto on http://www.ipsec-howto.org/ and finding solutions to my problems as I went forward on kame.net's mailing-list archives, I must say racoon and setkey are really soooooooo much easier to use! I've now got two test machines tunneling two networks between each other after just generating a few certificates and editing a couple of configuration files, and it should be just as easy for roadwarriors, neato! So, my question is : Which is the preferred IPSec set of tools for Fedora Core? Is it planned to move IPSec's integration a little forward, into the Network config tools for instance? If anyone with more *swan/kame/etc. knowledge can give me a little light on this, I'd really appreciate, as I still don't know if I've chosen the good direction. If ipsec-tools are there to stay, should I eventually do some quick tweaking to add an init script for it? Matthias -- Clean custom Red Hat Linux rpm packages : http://freshrpms.net/ Fedora Core release 2.91 (FC3 Test 2) - Linux kernel 2.6.8-1.521.dell Load : 0.19 0.64 0.59
