Re: KAME IPsec vs Fast IPsec

[Keiichi SHIMA <keiichi%iijlab.net@localhost>]

I want to know the plan of the extension header support in fast IPsec  
too.

I'm working on Mobile IPv6 that uses extension header and IPsec same  
time.  The missing extension header support in one of the reason for  
me that I cannot move from KAME IPsec to fast IPsec.

Regards,
---
Keiichi SHIMA
IIJ Research Laboratory <keiichi%iijlab.net@localhost>
WIDE Project <shima%wide.ad.jp@localhost>



On 2008/04/20, at 6:07, Jason Thorpe wrote:

> What will it take to fix this last issue?  I think it's time we had  
> just one ipsec in the tree.
>
> -- thorpej@iPhone
>
> On Apr 19, 2008, at 2:53 AM, Arnaud Degroote <degroote%netbsd.org@localhost>  
> wrote:
>
> > On Tue, Apr 15, 2008 at 04:44:32PM -0400, Thor Lancelot Simon wrote:
> > > On Tue, Apr 15, 2008 at 12:37:00PM -0700, Jason Thorpe wrote:
> > > > What's the status of Fast IPsec being a completely replacement for
> > > > KAME IPsec?  If it has feature parity, is it time to dump KAME  
> > > > IPsec?
> > >
> > > I believe there's one feature missing, which is support for
> > > UDP-encapsulated ESP.  I believe FreeBSD has in fact nonetheless
> > > dumped the KAME code at this point.
> >
> > fast_ipsec(4) supports UDP-encapsulated ESP via IPSEC_NAT_T options
> > since June 2007.
> >
> > There are still an issue between "ipv6 extension header" and  
> > fast_ipsec.
> > But it is probably the last difference with Kame IPSec (if you don't
> > count the fact that kame ipsec is probably better tested)
> >
> > Take cares.
> > --
> > Arnaud Degroote
> > degroote%netbsd.org@localhost