Re: kame ipsec vs. openbsd ipsec

2002-04-05 Thread Sam Leffler
- Original Message - From: "Shoichi Sakane" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, April 05, 2002 12:26 AM Subject: Re: kame ipsec vs. openbsd ipsec > > 1. Has anyone else seriously looked at doing this? >

Re: kame ipsec vs. openbsd ipsec

2002-04-05 Thread Jun-ichiro itojun Hagino
>> 1. Has anyone else seriously looked at doing this? >> 2. Has anyone compared the OpenBSD and KAME implementations and understand >> their relative strengths? (e.g. is there some reason to work with KAME other >> than it's already in the system) > >i have summarized what some people argued to me

Re: kame ipsec vs. openbsd ipsec

2002-04-05 Thread Shoichi Sakane
> some people say that OpenBSD has advantage because: > 2. because SA is shown as a pseudo interface, > about 4, we don't like to create a pseudo interface of each SA, > in particular, when we use IPsec transport mode. each userland > process can use individual SA in KAME. this function

Re: kame ipsec vs. openbsd ipsec

2002-04-05 Thread Shoichi Sakane
> 1. Has anyone else seriously looked at doing this? > 2. Has anyone compared the OpenBSD and KAME implementations and understand > their relative strengths? (e.g. is there some reason to work with KAME other > than it's already in the system) i have summarized what some people argued to merge Op

Re: kame ipsec vs. openbsd ipsec / netgraph ipsec node?

2002-04-04 Thread Lars Eggert
Tariq Rashid wrote: > On a slightly side note, I'd much prefer to see FreeBSD with IPSEC > pseudo-interfaces a la OpenBSD/linux. > > I'd much prefer to work with say, enc0, or ipsec1, than mess around > with guf half-tunnels makes complex routing much easier Have you looked at draft-

Re: kame ipsec vs. openbsd ipsec

2002-04-04 Thread matthew weaver
in Apr, Sam Leffler probably wrote : |1. Has anyone else seriously looked at doing this? |2. Has anyone compared the OpenBSD and KAME implementations and understand |their relative strengths? (e.g. is there some reason to work with KAME other |than it's already in the system) I realize you're

RE: kame ipsec vs. openbsd ipsec / netgraph ipsec node?

2002-04-04 Thread Tariq Rashid
On a slightly side note, I'd much prefer to see FreeBSD with IPSEC pseudo-interfaces a la OpenBSD/linux. I'd much prefer to work with say, enc0, or ipsec1, than mess around with guf half-tunnels makes complex routing much easier Just a thought - perhaps a netgraph ipsec node is the w

Re: kame ipsec vs. openbsd ipsec

2002-04-03 Thread Lars Eggert
Sam Leffler wrote: > Yes and no. I was told they wanted to add hardware support but I've been > unable to reach the "right people" to start a dialogue, which is why I sent > my note. Try [EMAIL PROTECTED]; you'll have a response in a few hours (when daylight hits Japan :-) Lars -- Lars Eggert

Re: kame ipsec vs. openbsd ipsec

2002-04-03 Thread Sam Leffler
ler" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, April 03, 2002 10:37 AM Subject: Re: kame ipsec vs. openbsd ipsec > have you asked the KAME people if they have plans to > do such suppport themselves? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message

Re: kame ipsec vs. openbsd ipsec

2002-04-03 Thread Julian Elischer
have you asked the KAME people if they have plans to do such suppport themselves? On Wed, 3 Apr 2002, Sam Leffler wrote: > I'm slogging through the KAME IPsec code looking at adding support for > crypto hardware (and NICs that do onboard IPSEC processing). The OpenBSD > IPsec implementation a