Re: Future of VPN: CIPE or IPSEC?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2003-11-20 at 00:31, Dave Jones wrote:
> Long term, CIPE is going away. Hopefully for FC2.
> IPSec is the way forward, however the existing FC1 doesn't support it.
> Additionally, Freeswan may not be 100% compatable with what will be
> in FC2. The last I heard there were some problems connecting a Linux 2.5
> IPSEC box to Freeswan. I don't know if they got worked out, or even if
> its possible to be worked out.  Also the userspace tools are completley
> different between Freeswan and what will be in FC2.
> 
> A nice project for someone interested in this area, would be to get the 2.4
> backport of the IPSEC code (try the Taroon SRPM for a good start).
> and bend that to fit the FC1 kernel. The Taroon SRPMs for the userspace
> tools should recompile easily enough under Fedora..
> With this done, you'll be ready and prepared when we get to FC2.
> 
> 		Dave

Dave,

Thanks for your input on this matter, and also thank you for clarifying
in detail the situation on where FC1 is standing in regards to IPSEC (in
both of your postings).

We have been anticipating a backport of kernel-integrated ipsec for FC1
since it was also included in TAROON, but then there were some mailings
about this topic a few months ago where it awas clearly said that FC1
would not natively support IPSEC.

In our opinion, any backport to the 2.4 kernel for Fedora would be
purely academic, as probably everybody who is using FC1 now is only
using it temporarily until the first distribution with a 2.6 kernel is
out anyway.

>From what we have gathered so far in howtos and mailing lists, any
existing FreeS/wan configurations will not be able to port directly to
2.6 kernel setttings. But the main point (at least for us) is that
anybody who uses FreeS/wan now will have no problems in setting up a VPN
with the 2.6 kernel without having to try to remember how a wheel works.
After all the responses in favour of IPSEC in one way or the other, we
have decided to just keep our VPN routers as they are (RH 9 with
FreeS/wan patch) and only migrate them when the 2.6 kernel is out.

So we will pull out of this discussion now, but without wanting to
discourage anybody to discuss the topic further. Once again thank you
for all your responses which have been very helpful to us for planning
our migration.

-- 
Sincerely,

K.K. Alice
S. Christians




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux