On Fri, Jun 25, 2004 at 05:49:33PM +0200, Salvatore Basso wrote: > Hi and thanks for most useful indications that you have supplied to me, therefore if I have understood well what you have explained to me I can use: > - fc2 with kernel 2.6 > - ipsec-tools 0.3.3 > in ipsec-tools is comprised Racoon that replaces pluto, just? Correct. There are actually two applications, setkey and racoon. Setkey is used to manipulate the security policy database (SPD) while Racoon is the IKE daemon. This is one area where *SWAN is definitely superior. With *SWAN, you have one set of common configuration files. With ipsec-tools, you have to manage the policy database and the IKE configuration separately. It's confusing at best when you are use to *SWAN. > therefore in order to construct the vpn with the support nat-t I do not have to install openswan and I do not have to compile the kernel, just? Correct. > I use 3des, there am problems with ipsec-tools/racoon? Not a problem. With the exception of unadorned RSA keys, I think you will find everything that is supported in OpenSWAN is supported in Racoon, though maybe a bit differently. The changes in configuration definitely take some getting use to. > still thanks !! > ---------- > > Salvatore. Mike -- Michael H. Warfield | (770) 985-6132 | mhw@xxxxxxxxxxxx /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Attachment:
pgpunaN99LD82.pgp
Description: PGP signature
