Paul Wouters <p...@nohats.ca> wrote:
    >> Sadly, very few regular users use IPsec/IKEv2 for this kind of access.

    > This is very incorrect.

    > Almost all VPN providers for apple (OSX and iOS) use IKEv2 with
    > CP. Based on numbers of concurrent users I have seen from some vendors
    > using libreswan, we are talking in the orders of 100’s of thousands of
    > users.

That's awesome news to learn!!!
I haven't seen this in the wild myself, and it's not the case in Android as
you point out.

    > One of the main reasons: MOBIKE with phones using wifi and 4/5G and
    > network switching.

So that's a really good result.  Kudos.
Sometimes the tortoise does win the race with better technology.

    > For Android, the situation is bad. Due to the OS not properly
    > supporting IKEv2, most VPN services bundle openvpn apps for android and
    > very few bundle strongswan with its userland ESP that can do IKEv2.

I'm aware that they (Android) were thinking about fixing this, but nothing
has happened yet to my knowledge.

    >> In almost all cases the VPN provider is in control of the software that is
    >> installed on the client system, so they can hijack paypal already.

    > This is also incorrect. All OSX and iOS provisioning happens via
    > .mobileconfig profiles or apps using apple API’s that are

I'm talking here about people using VPNConnect, OpenConnect, some .MSI that
actually installs OpenVPN on windows, etc.

    >> But, this seems terribly unlikely since just getting two VPNs installed
    >> (and compatible) and running at the same time is such deep VPN-fu, that it's
    >> like only half the IPsec WG members that could ever make this work anyway.

    > It is currently uncommon indeed but I think and hope we will see more
    > of this, especially when we all want a continuous VPN link up to our
    > home network.

I also want it to be easier.

I see IPv6 for the Enterprise remote-access VPN as instrumental to making
this happen.  Each Enterprise can embed their IPv4 RFC1918 address space into
a unique IPv6 prefix, and can NAT64 to get to actual internal legacy services
if they have to.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
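The "embed each enterprise's RFC1918 space into a unique IPv6 prefix" idea from the message above, as an added worked example (editor's code, not from the thread or from any named project). It uses the RFC 6052 /96 layout, where the IPv4 address occupies the low 32 bits of a /96 prefix (the same layout the well-known NAT64 prefix 64:ff9b::/96 uses), and shows why two VPNs that both push 10.0.0.0/8 collide on IPv4 routes but not once each is embedded behind its own prefix. The enterprise prefixes 2001:db8:a::/96 and 2001:db8:b::/96 are hypothetical documentation addresses; only the address mapping is shown, not the NAT64 translator itself.

```python
# Added example (not from the mailing-list thread): RFC 6052-style embedding
# of RFC1918 IPv4 addresses into a per-enterprise IPv6 /96, so that two
# remote-access VPNs with overlapping IPv4 space can be routed concurrently.
import ipaddress

# RFC1918 private ranges (the "legacy" space an enterprise VPN usually hands out).
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Well-known NAT64 prefix from RFC 6052; a real enterprise would instead use
# a /96 carved from its own global or ULA space so the prefix is unique.
WELL_KNOWN_NAT64 = "64:ff9b::/96"


def is_rfc1918(ipv4: str) -> bool:
    """True if the IPv4 address falls inside one of the RFC1918 ranges."""
    a = ipaddress.ip_address(ipv4)
    return a.version == 4 and any(a in n for n in RFC1918)


def embed_ipv4(prefix96: str, ipv4: str) -> ipaddress.IPv6Address:
    """Place the 32-bit IPv4 address in the low 32 bits of an IPv6 /96 (RFC 6052)."""
    net = ipaddress.ip_network(prefix96, strict=True)
    if net.version != 6 or net.prefixlen != 96:
        raise ValueError("embedding prefix must be an IPv6 /96")
    v4 = ipaddress.ip_address(ipv4)
    if v4.version != 4:
        raise ValueError("only IPv4 addresses can be embedded")
    return ipaddress.IPv6Address(int(net.network_address) | int(v4))


def extract_ipv4(prefix96: str, ipv6: str) -> ipaddress.IPv4Address:
    """Inverse of embed_ipv4; refuses addresses outside the given /96."""
    net = ipaddress.ip_network(prefix96, strict=True)
    v6 = ipaddress.ip_address(ipv6)
    if v6.version != 6 or v6 not in net:
        raise ValueError("address is not inside the embedding prefix")
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def embed_network(prefix96: str, ipv4_net: str) -> ipaddress.IPv6Network:
    """Map an IPv4 route (e.g. 10.0.0.0/8) to the IPv6 route covering it (/104)."""
    net4 = ipaddress.ip_network(ipv4_net, strict=True)
    base = embed_ipv4(prefix96, str(net4.network_address))
    return ipaddress.ip_network(f"{base}/{96 + net4.prefixlen}", strict=True)


def route_collision(prefix_a: str, prefix_b: str, ipv4_net: str) -> dict:
    """Compare what two VPNs push when both advertise the same RFC1918 route.

    Returns whether the raw IPv4 routes overlap (they are identical, so yes)
    and whether the embedded IPv6 routes overlap (no, if the prefixes differ).
    """
    v4 = ipaddress.ip_network(ipv4_net, strict=True)
    a6 = embed_network(prefix_a, ipv4_net)
    b6 = embed_network(prefix_b, ipv4_net)
    return {
        "ipv4_overlap": v4.overlaps(v4),          # same route from both VPNs
        "ipv6_overlap": a6.overlaps(b6),          # distinct /96s keep them apart
        "route_a": str(a6),
        "route_b": str(b6),
    }


if __name__ == "__main__":
    # Hypothetical per-enterprise prefixes from the RFC 3849 documentation range.
    corp, home = "2001:db8:a::/96", "2001:db8:b::/96"
    print(embed_ipv4(corp, "10.1.2.3"))            # 2001:db8:a::a01:203
    print(extract_ipv4(corp, "2001:db8:a::a01:203"))
    print(embed_ipv4(WELL_KNOWN_NAT64, "192.0.2.1"))
    print(route_collision(corp, home, "10.0.0.0/8"))
```

The security point is that the embedding does not change the host being reached: 2001:db8:a::a01:203 is still the enterprise's 10.1.2.3, and the NAT64 device that strips the prefix is the policy boundary, so it needs the same access control the IPv4 VPN concentrator had.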

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec