Hello, I'm not sure if this is the right mailing list for these questions -- if it's not, feel free to kick me out :-)
I'm one of the Chromium developers responsible for VPN support in Chrome OS. Chrome OS is using strongSwan 4.x with some local Pluto patches to support L2TP/IPSec. We're considering upgrading to strongSwan 5.x ( crosbug.com/36959), mostly driven by crosbug.com/15900 (support for groups in IKEv1 aggressive mode). An alternative is to switch to Android's L2TP/IPSec libraries (ipsec-tools, I think). However, we've made some local patches to Pluto that we'll need to re-evaluate and drop obsolete ones, re-implement necessary ones in Charon, or maybe come up with better solutions, hopefully upstream. I'd really appreciate your feedback on this. Here's a list of our local Pluto patches -- issue report along with patch code review URL: - crosbug.com/16252: initialize supplementary groups ( https://gerrit.chromium.org/gerrit/#/c/2233/) - crosbug.com/24476: disable peer ID check ( https://gerrit.chromium.org/gerrit/15008, https://gerrit.chromium.org/gerrit/15009) - crosbug.com/25675: disable XAUTH ID ( https://gerrit.chromium.org/gerrit/#/c/15071/) -- this one just changes the 4.x default configure/build options. - crosbug.com/32738: ISAKMP commit bit -- this one is not resolved yet because it will require making strongSwan non-compliant with rfc 3947. Do you have any thoughts or feedback? Do you think some of these issues can be addressed properly upstream, to ease the upgrade path? Thanks in advance, Darin
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
