Subject: Re: switching to ipsec-tool's racoon
To: Emmanuel Dreyfus <manu@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-net
Date: 12/16/2004 23:11:32
On Fri, Dec 17, 2004 at 12:52:45AM +0100, Emmanuel Dreyfus wrote:
> Jason Thorpe <thorpej@shagadelic.org> wrote:
> 
> > > Yes, we'll need libipsec and setkey as well. We have no local feature
> > > to merge here, right? 
> > I'm not sure... you'll have to examine the code.
> 
> There are differencies, but at first look, ipsec-tools always has more
> features than KAME. Comparing the setkey man pages, we won't loose
> anything.

It looks to me like with the ipsec-tools racoon, we lose AES support,
because there's a disagreement with the kernel about which algorithm
to use.  That, at least, is very important to fix.