On Sun, 17 Aug 2003 23:12:07 -0700 "H. Peter Anvin" <hpa@zytor.com> wrote: > I'm just trying to figure out where things are headed. It's obviously > undesirable to retain that situation indefinitely. The few times I've > looked at FreeS/WAN I've always thought it was a total mess to > configure, and ipsec-tools seems to be simpler, but I guess it's not > feature-complete enough (NAT-T missing, for one.) Things are definitely in a good state with the superfreeswan stuff. Herbert Xu has been doing an excellent job, in fact superfreeswan uses the netlink based configuration APIs instead of the broken pfkeyv2 stuff. I also believe that you'll have an easier time getting your XAUTH stuff merged upstream into superfreeswan than you will into KAME's racoon. Every time we've tried to even get Linux build fixes merged into racoon, it all gets ignored or dropped altogether. Maybe you can ping Herbert (herbert@gondor.apana.org.au) and work with him on this? > I'm sick of having to taint the kernel on my laptop due to inserting > a proprietary Crisco module I know, others including Linus complained about this a lot in the past. And you are definitely not the only ones in need of this. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
