Speaking for the strongSwan project, I'm favoring draft-sathyanarayan-ipsecme-advpn
because
- The concept is simple but powerful and well embedded into the
current IKEv2 message exchange architecture.
- No overlay of additional routing protocols is needed.
- The proposed solution has a lot of similarity with our
Double-NAT IKEv2 Mediation Extension [1] that we proposed a
couple of years ago and which has been implemented by strongSwan.
Thus the integration of the draft-sathyanarayan-ipsecme-advpn
capabilities into our architecture should be rather easy.
In the future it might even be possible to extend the SHORTCUT
exchange to Double-NAT situations.
- The draft is in a very advanced state with all protocol details
neatly worked out. It's ready for implementation, so we might
give it a try :-)
Best regards
Andreas
[1] http://tools.ietf.org/html/draft-brunner-ikev2-mediation-00
======================================================================
Andreas Steffen [email protected]
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
