Re: [Ipsec-tools-devel] My dumb ipsec-tools question...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Thu, Jan 26, 2006 at 05:38:16PM +0100, VANHULLEBUS Yvan wrote:
> On Thu, Jan 26, 2006 at 07:02:34AM -0500, Dan McDonald wrote:
> > Okay - dumb question time.
> 
> Thanks to warn us about that :-)

I aim to please.

> > 	- Could one port ipsec-tools to OpenSolaris assuming it had all of
> > 	  the requisite kernel support?
> 
> Give me a working UltraSparc, Solaris kernel documentation and I'll do
> it :-)

Why UltraSPARC?  We work perfectly well on garden-variety x86 boxes too!
(And have for some time - S9 "suspension" of x86 be damned.)  I'm sure you
have a few of those lying around.

> And yes, ipsec-tools can (probably) be ported to "quite anything"
> which have a kernel IPSec stack and a PFKeyV2 interface.... that is
> for "basic features", some advanced features will need further kernel
> works (NAT-T encapsulation, etc....).

Remember that KAME augments PF_KEYv2 beyond 2367 - as does OpenSolaris.  Pity
we did them in two completely different manners.  (I'm assuming Linux copied
KAME's PF_KEY changes - please keep that in mind.)

OpenSolaris is funny in that it doesn't support (for now) Tunnel Mode per
2401.  We're fixing this, but we do support NAT-T.

I will engage this list more completely when Tunnel Reform (the Tunnel-Mode
fixes) is complete.

Thanks, I'm going back into my hole and write more code.

Dan