- Original Message -
From: "Shoichi Sakane" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, April 05, 2002 12:26 AM
Subject: Re: kame ipsec vs. openbsd ipsec
> > 1. Has anyone else seriously looked at doing this?
>
>> 1. Has anyone else seriously looked at doing this?
>> 2. Has anyone compared the OpenBSD and KAME implementations and understand
>> their relative strengths? (e.g. is there some reason to work with KAME other
>> than it's already in the system)
>
>i have summarized what some people argued to me
> some people say that OpenBSD has advantage because:
> 2. because SA is shown as a pseudo interface,
> about 4, we don't like to create a pseudo interface of each SA,
> in particular, when we use IPsec transport mode. each userland
> process can use individual SA in KAME. this function
> 1. Has anyone else seriously looked at doing this?
> 2. Has anyone compared the OpenBSD and KAME implementations and understand
> their relative strengths? (e.g. is there some reason to work with KAME other
> than it's already in the system)
i have summarized what some people argued to merge Op
Tariq Rashid wrote:
> On a slightly side note, I'd much prefer to see FreeBSD with IPSEC
> pseudo-interfaces a la OpenBSD/linux.
>
> I'd much prefer to work with say, enc0, or ipsec1, than mess around
> with guf half-tunnels makes complex routing much easier
Have you looked at draft-
in Apr, Sam Leffler probably wrote :
|1. Has anyone else seriously looked at doing this?
|2. Has anyone compared the OpenBSD and KAME implementations and understand
|their relative strengths? (e.g. is there some reason to work with KAME other
|than it's already in the system)
I realize you're
On a slightly side note, I'd much prefer to see FreeBSD with IPSEC
pseudo-interfaces a la OpenBSD/linux.
I'd much prefer to work with say, enc0, or ipsec1, than mess around with
guf half-tunnels makes complex routing much easier
Just a thought - perhaps a netgraph ipsec node is the w
Sam Leffler wrote:
> Yes and no. I was told they wanted to add hardware support but I've been
> unable to reach the "right people" to start a dialogue, which is why I sent
> my note.
Try [EMAIL PROTECTED]; you'll have a response in a few hours (when
daylight hits Japan :-)
Lars
--
Lars Eggert
ler" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 10:37 AM
Subject: Re: kame ipsec vs. openbsd ipsec
> have you asked the KAME people if they have plans to
> do such suppport themselves?
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
have you asked the KAME people if they have plans to
do such suppport themselves?
On Wed, 3 Apr 2002, Sam Leffler wrote:
> I'm slogging through the KAME IPsec code looking at adding support for
> crypto hardware (and NICs that do onboard IPSEC processing). The OpenBSD
> IPsec implementation a
I'm slogging through the KAME IPsec code looking at adding support for
crypto hardware (and NICs that do onboard IPSEC processing). The OpenBSD
IPsec implementation already has this and doing something similar to what
OpenBSD has done requires restructuring large parts of the KAME code in a
simil
11 matches
Mail list logo
