what about OpenVPN ? On Wed, 2003-11-19 at 12:28, Felipe Alfaro Solana wrote: > On Wed, 2003-11-19 at 10:30, Christians, Stefan Mr. wrote: > > > 1) The reasons we had for choosing IPSEC over CIPE turned out to be > > non-issues (all arguments we had for using IPSEC were never used, needed > > or implemented). > > I have heard that CIPE is plagued of security problems and lacks a good > design. IPSec, however, is a backport of the same functionality from > IPv6 and I think it's a proven technology. > > > So now the big question for us is whether we should migrate our VPN > > routers to Fedora Core 1 and convert them to CIPE, or whether we should > > wait a few more months until the 2.6 kernel with integrated IPSEC is > > included in the standard distribution. > > AFAIK, Fedora kernel doesn't rely on FreeSWAN anymore. Instead, they > have backported the IPSec code from 2.6 kernels that is based on > KAME/USAGI stack. > > > The key question here is whether CIPE will be maintained as a Fedora > > Package once the 3.6 kernel is distributed, or whether it will gradually > > be phased out. We want to avoid converting to CIPE now and then back to > > IPSEC again after a year. > > I think you'd better stick with IPSec. > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-list -- geo, "Don't cry because it's over, smile because it happned !"
