Re: [Ipsec-tools-devel] further development?
Brought to you by:
mit_warlord,
netbsd
From: Michal L. <mic...@lo...> - 2003-08-22 17:19:12
|
On Fri, 22 Aug 2003 uwe...@t-... wrote: > I've been working on ipsec-tool-0.2.2/linux-2.6.0-testx for a couple of > days. I'm planning to prepare a productin VPN gateway with the above > configuration. Hmm, production gateway with an unstable kernel... Are you sure you want to do this? Consider using NetBSD with setkey/racoon - it's perfectly usable and the configuration is the same. When 2.6.x kernel is mature enough you could easily move. > The present state of the software however isn't stable enough to solve > the problem. So I wonder if there will be some progress in the near > future, Progress on the kernel side or on the userspace side? As long as kernel API will not change I think racoon is fairly usable. What features are you missing? > or should I prefer the freeswan/linux-2.4.x solution. That's always an option - you can use SuperFreeS/WAN with X.509, NAT-T and other patches in this case. Future upgrade will probably be easier - I'm sure that freeswan guys will support 2.6 kernels as well. Anyway I vote for staying with 2.6+racoon and in the case you hit a bug report it either to this list and/or to kernel bugzilla. Michal Ludvig -- * A mouse is a device used to point at the xterm you want to type in. * Personal homepage: http://www.logix.cz/~mic |