Re: KAME IPsec vs Fast IPsec

To: Thor Lancelot Simon <tls%rek.tjls.com@localhost>
Subject: Re: KAME IPsec vs Fast IPsec
From: Arnaud Degroote <degroote%netbsd.org@localhost>
Date: Sat, 19 Apr 2008 11:53:50 +0200

On Tue, Apr 15, 2008 at 04:44:32PM -0400, Thor Lancelot Simon wrote:
> On Tue, Apr 15, 2008 at 12:37:00PM -0700, Jason Thorpe wrote:
> >
> > What's the status of Fast IPsec being a completely replacement for  
> > KAME IPsec?  If it has feature parity, is it time to dump KAME IPsec?
> 
> I believe there's one feature missing, which is support for
> UDP-encapsulated ESP.  I believe FreeBSD has in fact nonetheless
> dumped the KAME code at this point.

fast_ipsec(4) supports UDP-encapsulated ESP via IPSEC_NAT_T options
since June 2007. 

There are still an issue between "ipv6 extension header" and fast_ipsec.
But it is probably the last difference with Kame IPSec (if you don't
count the fact that kame ipsec is probably better tested)

Take cares.
-- 
Arnaud Degroote
degroote%netbsd.org@localhost

Follow-Ups:
- Re: KAME IPsec vs Fast IPsec
  - From: Jason Thorpe

References:
- KAME IPsec vs Fast IPsec
  - From: Jason Thorpe
- Re: KAME IPsec vs Fast IPsec
  - From: Thor Lancelot Simon

Prev by Date: Re: local pf changes
Next by Date: Re: local pf changes
Previous by Thread: Re: KAME IPsec vs Fast IPsec
Next by Thread: Re: KAME IPsec vs Fast IPsec
Indexes:

Home | Main Index | Thread Index | Old Index