Linux IPSEC (was Re: [TriLUG] Who runs Red Hat and KDE)

Mike Johnson mike at enoch.org
Tue May 27 08:16:26 EDT 2003


Matt Wilson [msw at redhat.com] wrote:

> There's very little standing in the way legally with encryption and
> VPN technology.  It's been a maturity issue lately.  The 2.5 kernel
> has a lot of what we've been working on for IPSec in linux with the
> community for the past few months.

There used to be legality reasons, but given that Red Hat ships
openssh/openssl (which has encryption capabilities that meet, or even
exceed what FreeS/WAN is capable of), I think we can be pretty sure
those are gone.

However, FreeS/WAN sucks.  It's fine for when both ends of the
connection are FreeS/WAN, but it gets downright difficult when you try
and make it interop with other IPSEC implementations.  And don't get me
started on the whole 'left' vs 'right' notation.  Gah.

That said, I haven't seen it, and I don't tend to play with unstable
kernels.  Is 2.5's IPSEC any better?

Mike
-- 
"If life hands you lemons, YOU BLOW THOSE LEMONS TO BITS WITH 
 YOUR LASER CANNONS!" -- Brak

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030527/9f082251/attachment.pgp>


More information about the TriLUG mailing list