tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: KAME IPsec vs Fast IPsec

What will it take to fix this last issue? I think it's time we had just one ipsec in the tree.

-- thorpej@iPhone

On Apr 19, 2008, at 2:53 AM, Arnaud Degroote <> wrote:

On Tue, Apr 15, 2008 at 04:44:32PM -0400, Thor Lancelot Simon wrote:
On Tue, Apr 15, 2008 at 12:37:00PM -0700, Jason Thorpe wrote:

What's the status of Fast IPsec being a completely replacement for
KAME IPsec? If it has feature parity, is it time to dump KAME IPsec?

I believe there's one feature missing, which is support for
UDP-encapsulated ESP.  I believe FreeBSD has in fact nonetheless
dumped the KAME code at this point.

fast_ipsec(4) supports UDP-encapsulated ESP via IPSEC_NAT_T options
since June 2007.

There are still an issue between "ipv6 extension header" and fast_ipsec.
But it is probably the last difference with Kame IPSec (if you don't
count the fact that kame ipsec is probably better tested)

Take cares.
Arnaud Degroote

Home | Main Index | Thread Index | Old Index