Re: KAME IPsec vs Fast IPsec

To: Arnaud Degroote <degroote%netbsd.org@localhost>
Subject: Re: KAME IPsec vs Fast IPsec
From: Jason Thorpe <thorpej%shagadelic.org@localhost>
Date: Sat, 19 Apr 2008 14:07:42 -0700

What will it take to fix this last issue? I think it's time we hadjust one ipsec in the tree.


-- thorpej@iPhone

On Apr 19, 2008, at 2:53 AM, Arnaud Degroote <degroote%netbsd.org@localhost>wrote:


On Tue, Apr 15, 2008 at 04:44:32PM -0400, Thor Lancelot Simon wrote:

On Tue, Apr 15, 2008 at 12:37:00PM -0700, Jason Thorpe wrote:

What's the status of Fast IPsec being a completely replacement for
KAME IPsec? If it has feature parity, is it time to dump KAMEIPsec?


I believe there's one feature missing, which is support for
UDP-encapsulated ESP.  I believe FreeBSD has in fact nonetheless
dumped the KAME code at this point.


fast_ipsec(4) supports UDP-encapsulated ESP via IPSEC_NAT_T options
since June 2007.

There are still an issue between "ipv6 extension header" andfast_ipsec.

But it is probably the last difference with Kame IPSec (if you don't
count the fact that kame ipsec is probably better tested)

Take cares.
--
Arnaud Degroote
degroote%netbsd.org@localhost

Follow-Ups:
- Re: KAME IPsec vs Fast IPsec
  - From: Keiichi SHIMA

References:
- KAME IPsec vs Fast IPsec
  - From: Jason Thorpe
- Re: KAME IPsec vs Fast IPsec
  - From: Thor Lancelot Simon
- Re: KAME IPsec vs Fast IPsec
  - From: Arnaud Degroote

Prev by Date: Re: Possible fix for wpa_supplicant(8) WPA re-key lossage
Next by Date: Re: local pf changes
Previous by Thread: Re: KAME IPsec vs Fast IPsec
Next by Thread: Re: KAME IPsec vs Fast IPsec
Indexes:

Home | Main Index | Thread Index | Old Index