On Wed, 2003-11-19 at 10:30, Christians, Stefan Mr. wrote:
> 1) The reasons we had for choosing IPSEC over CIPE turned out to be
> non-issues (all arguments we had for using IPSEC were never used, needed
> or implemented).

I have heard that CIPE is plagued by security problems and lacks a good design. IPSec, however, is a backport of the same functionality from IPv6 and I think it's a proven technology.

> So now the big question for us is whether we should migrate our VPN
> routers to Fedora Core 1 and convert them to CIPE, or whether we should
> wait a few more months until the 2.6 kernel with integrated IPSEC is
> included in the standard distribution.

AFAIK, the Fedora kernel doesn't rely on FreeSWAN anymore. Instead, they have backported the IPSec code from 2.6 kernels that is based on the KAME/USAGI stack.

> The key question here is whether CIPE will be maintained as a Fedora
> Package once the 3.6 kernel is distributed, or whether it will gradually
> be phased out. We want to avoid converting to CIPE now and then back to
> IPSEC again after a year.

I think you'd better stick with IPSec.