On 4 June 2010 00:06, Reyk Floeter <r...@openbsd.org> wrote: > Hi! > > Today I imported iked(8) that is another automatic keying daemon for > IPsec. B In difference to isakmpd(8), which supports the ISAKMP/Oakley > a.k.a. IKEv1 protocol, iked(8) only supports the IKEv2 protocol at > present. B The IKEv2 protocol in RFC 4306 has been simplified and > provides many benefits over ISAKMP/IKEv1. > > iked(8) itself has been designed to fit the style of all the recent > OpenBSD daemons and comes with a tool ikectl(8) for runtime > configuration, status, working reloads, and integrated commands to > maintain a simple X.509 CA for IKEv2. B I also have some important > design goals that I will describe later. > > The current state is that iked(8) still lacks a few important features > but works as a responder against different peer implementations. B That > means, you can set up a running VPN with Windows 7 or libstrongswan > libcharon clients connecting to iked(8) running as the server or > security gateway. B I will add initiator (client) mode next. > > This is a very brief summary, more information will follow. > > reyk >
Good stuff Reyk! Will try it shortly. Looking forward to the details as well. -- The best the little guy can do is what the little guy does right
