in Apr, Sam Leffler probably wrote :

|1. Has anyone else seriously looked at doing this?
|2. Has anyone compared the OpenBSD and KAME implementations and understand
|their relative strengths? (e.g. is there some reason to work with KAME other
|than it's already in the system)

  I realize you're most interested in a developer's perspective on this,
  and I'm not comfortable providing anything like that.

  On a side note, however, I'll mention some things from an
  administrative/user perspective.

  I like these features of the OpenBSD implementation, one of
  which was mentioned by Tariq Rashid <[EMAIL PROTECTED]>:

  1. The enc interface. Makes it extremely simple to have packet
  filtering rules for IPSEC tunneled networks, and routing
  is easier to think about, imho.

  2. IPSEC flows appear in netstat -r output, very handy.

  3. kernfs has information about each SA, including statistics
  for them (bytes, packets, etc).

  I'm less familiar with the KAME implementation, so I'm unable to
  highlight its strengths compared to the OpenBSD code -- perhaps
  someone will jump in here and point them out for me.

  matt

