Re: IKE, Xauth and NAT-T

David S. Miller wrote:
On Sun, 17 Aug 2003 23:12:07 -0700
"H. Peter Anvin" <hpa@zytor.com> wrote:


I'm just trying to figure out where things are headed. It's obviously undesirable to retain that situation indefinitely. The few times I've looked at FreeS/WAN I've always thought it was a total mess to configure, and ipsec-tools seems to be simpler, but I guess it's not feature-complete enough (NAT-T missing, for one.)


Things are definitely in a good state with the superfreeswan stuff.

Herbert Xu has been doing an excellent job, in fact superfreeswan uses
the netlink based configuration APIs instead of the broken pfkeyv2
stuff.

I also believe that you'll have an easier time getting your XAUTH
stuff merged upstream into superfreeswan than you will into KAME's
racoon.  Every time we've tried to even get Linux build fixes merged
into racoon, it all gets ignored or dropped altogether.

Maybe you can ping Herbert (herbert@gondor.apana.org.au) and work with
him on this?

Sounds like a good idea. I'll play around with it and see what I can come up with.


I'm sick of having to taint the kernel on my laptop due to inserting
a proprietary Crisco module

I know, others including Linus complained about this a lot in the past. And you are definitely not the only ones in need of this.

Heck, if we can get this to work I might even set up my own inbound VPN server.


-hpa
