Paul Wouters <p...@nohats.ca> wrote:
>> Sadly, very few regular users use IPsec/IKEv2 for this kind of access.

> This is very incorrect.

> Almost all VPN providers for apple (OSX and iOS) use IKEv2 with
> CP. Based on numbers of concurrent users I have seen from some vendors
> using libreswan, we are talking in the orders of 100’s of thousands of
> users.

That's awesome news to learn!!!
I haven't seen this in the wild myself, and it's not the case in Android as you
point out.

> One of the main reasons: MOBIKE with phones using wifi and 4/5G and
> network switching.

So that's a really good result. Kudos.
Sometimes the tortoise does win the race with better technology.

> For Android, the situation is bad. Due to the OS not properly
> supporting IKEv2, most VPN services bundle openvpn apps for android and
> very few bundle strongswan with its userland ESP that can do IKEv2.

I'm aware that they (Android) were thinking about fixing this, but nothing
has happened yet to my knowledge.

>> In almost all cases the VPN provider is in control of the software that is
>> installed on the client system, so they can hijack paypal already.

> This is also incorrect. All OSX and iOS provisioning happens via
> .mobileconfig profiles or apps using apple API’s that are

I'm talking here about people using VPNConnect, OpenConnect, some .MSI that
actually installs OpenVPN on Windows, etc.

>> But, this seems terribly unlikely since just getting two VPNs installed
>> (and compatible) and running at the same time is such deep VPN-fu, that it's
>> like only half the IPsec WG members that could ever make this work anyway.

> It is currently uncommon indeed but I think and hope we will see more
> of this, especially when we all want a continuous VPN link up to our
> home network.

I also want it to be easier.
I see IPv6 for the Enterprise remote-access VPN as instrumental to making
this happen. Each Enterprise can embed their IPv4 RFC1918 address space into
a unique IPv6 prefix, and can NAT64 to get to actual internal legacy services
if they have to.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec