Then my question to you is this .... why haven't they been implemented? You've / we've all spent a lot of time on the product to make it ( and I quote) a business class product which "provides all the important features of commercial firewall boxes" (BTW, it IS a great product, just be open to suggestions for improvments). I think not, as most of the commercial products out there, [Cisco, NetScreen, CheckPoint] to name a few, support most if not all of the features I mentioned below, before getting flamed as a FUD writer (look in the mirror before pitching stones, and do so real research on something other than BSD). I'm not sure what FUD means, but I can make an educated guess, and I'm not sure that there needs to be this level of inappropriate and offensive communications/responses, especially from a member of the core dev team (certainly not very professional).
In short ... take of your BSD blinders and look around before accusing someone of NOT doing their research, certainly when someone make a concerted effort to apologize for the noise ... then you still feel the need to flame. BOOOOO .... BTW Google is a great tool!!!!! -- David L. Strout Engineering Systems Plus, LLC ----- Original Message ----- Subject: Re: Re: [pfSense Support] IPSec enhancements ??s From: [EMAIL PROTECTED] To: [email protected] Date: 01-25-2006 11:44 pm > I did your research for you because I was curious. I'd suggest you > look a little harder before spreading FUD. If you aren't going to > bother spending five minutes doing correct research, I'm certainly not > going to go out of my way implementing uninteresting features which I > don't need or use. http://ipsec-tools.sourceforge.net/ (which we use) > certainly does support everything you asked for (as you can see here: > http://netbsd.gw.com/cgi-bin/man-cgi?racoon.conf+5+NetBSD-current) > except for Serpent. We haven't implemented them as the old racoon > likely didn't support them. Besides, most commercial vendors don't > support anything outside of DES/3DES/AES/Blowfish and MD5/SHA1 - let > alone DH groups outside of 1,2,5. > > --Bill > > On 1/25/06, David Strout <[EMAIL PROTECTED]> wrote: > > Ah no ... it appears that there is NOT the same > > level(s) of VPN crypts/hashes/features for the > > xBSD realm as there are for say the Linux realm. > > > > Again appologies for the noise !! > > > > -- > > David L. Strout > > Engineering Systems Plus, LLC > > > > ----- Original Message ----- > > Subject: Re: [pfSense Support] IPSec enhancements > > ??s > > From: [EMAIL PROTECTED] > > To: [email protected] > > Date: 01-25-2006 9:57 pm > > > > > > > On 1/25/06, David Strout <[EMAIL PROTECTED]> > > wrote: > > > > Are there any plans to expand IPSec to support > > > > more VPN/phase 1 and 2 options ... like say: > > > > > > > > Compression > > > > & > > > > IKE Encryption: > > > > AES 256 > > > > Twofish 256 > > > > Serpent 256 > > > > & > > > > ESP Encryption: > > > > AES 256 > > > > Twofish 256 > > > > Serpent 256 > > > > & > > > > IKE Integrity: > > > > SHA2 512/256 > > > > & > > > > Higher DH key group .. eg: > 1536 bit > > > > & > > > > Higher PFS key group .. eg: > 1536 bit > > > > > > > > Not sure if the current IPSec-tools/FreeBSD is > > > > capable of these advanced features, but it > > would > > > > be nice to explore for future releases as an > > > > enhancement to a great VPN product already. > > > > > > Care to do the research for us? > > > > > > --Bill > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
