Followup to: <20030816052316.0ef970a3.davem@redhat.com> By author: "David S. Miller" <davem@redhat.com> In newsgroup: linux.dev.net > > On Fri, 15 Aug 2003 18:09:49 -0700 > "H. Peter Anvin" <hpa@zytor.com> wrote: > > > Hmmm... maybe I should hack in XAuth (or if you think it'd be a quick > > one...) vpnc contains an apparently working XAuth implementation that I > > can maybe crib off. > > > > http://people.redhat.com/~katzj/vpnc-0.1-3.src.rpm > > Go for it. > > You could also hack vpnc to configure the kernel instead of > it's internal IPSEC implementation. I intended to do this > at one point but never got the time. > > On the client side the only thing XAUTH needs is the packet > formats and asking the user for the passphrase, it's pretty > trivial. You don't even need a RADIUS implementation or > anything like that. > > The hard part is the IKE side code to support the other end. > By the way... what IKE is the one that people are actually using? ipsec-tools or (Super)FreeSWAN (pluto)? It seems that it would be a mess to maintain 2^n different IKEs for different feature sets, especially when one goes "oh, I need features Q, X and Z..." -hpa -- <hpa@transmeta.com> at work, <hpa@zytor.com> in private! If you send me mail in HTML format I will assume it's spam. "Unix gives you enough rope to shoot yourself in the foot." Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64 - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html