Tom At 19:08 01.03.2004 -0800, Tom Eastep wrote: >On Mon, 1 Mar 2004, Mike Noyes wrote: > >> Everyone, >> Here is some relevant news. Can someone take a look at packaging KAME? >> >> http://www.freeswan.org/ending_letter.html >> After more than five years of active development, the FreeS/WAN >> project will be coming to an end. >> >> KAME Project >> http://www.kame.net/ >> > >I fear that Linux IPSEC support is in chaos. The move to support OE in the >way advocated by the FreeeS/Wan project resulted in an absurd gateway >routing table and rendered Proxy ARP incompatible with FreeS/Wan. > >The 2.6 kernel implementation of IPSEC threw out the baby with the >bath water.
Are you referring to the native 2.6 IPSEC implementation? >- Netfilter is totally broken with respect to IPSEC. >- While it makes OE work reasonably, it makes IPSEC tunneling totally >different from any other Linux-based tunnel. Even when OE is disabled? I never considered it to be _that_ important. Possibly because it is difficult to get a FQDN in Europe nowadays. >While there is work going on in the Netfilter project to correct the first >problem, the second seems to be here to stay. > >As things currently stand, Shorewall will have minimal support for IPSEC >tunnels under the 2.6 kernels. Considering the current 2.4 LEAF distribution (which I doubt will move to 2.6 in a short timeframe) would it be most reasonable to go with openswan 1.0? Thanks Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click _______________________________________________ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel