On Thu, Dec 12, 2002 at 09:39:27AM -0500, Phillip Hofmeister wrote:
> If you implement IPSec, my experience (as of 6 months ago) with IPSec is
> that it works great, as long as you use the same implementation on all
> hosts.

I don't really agree with that. I have used several different IPsec implementations and interoperated successfully. The latest combination that I tried was the Linux 2.5 native IPsec communicating with FreeS/WAN. No problem.

I've documented the steps I had to go through to get the {Free,Net}BSD IPsec implementation to interoperate with FreeS/WAN using X.509 certs for authentication. Again, very few problems. www.freeswan.org has quite a bit of interoperability documentation.

Basically, the only difficulties come from the fact that the Internet Key Exchange (IKE) protocol, defined in RFC 2409, has so damn many configurable parameters that it's easy to misconfigure it. Since there isn't (and probably won't ever be) a standard set of defaults, this can get confusing.

noah

--
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html