[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 00584) Re: freeswan and usagi

To: usagi-users@xxxxxxxxxxxxxx
Subject: (usagi-users 00584) Re: freeswan and usagi
From: Kazunori Miyazawa <Kazunori_Miyazawa@xxxxxxxxxxxxxx>
Date: Fri, 15 Jun 2001 11:44:38 +0900
In-reply-to: <Pine.SOL.4.20.0106120910170.9344-100000@penelope.ecs.soton.ac.uk>
References: <000101c0f2e9$c99ec060$c8aadda3@aistnara.ac.jp> <Pine.SOL.4.20.0106120910170.9344-100000@penelope.ecs.soton.ac.uk>
Reply-to: usagi-users@xxxxxxxxxxxxxx

Hello.

On Tue, 12 Jun 2001 09:11:19 +0100 (BST)
Tim Chown <tjc@xxxxxxxxxxxxxxx> wrote:

> 
> There is an IPv6 port of FreeS/WAN for Linux done as part of the 6INIT
> project.  Contact Wolgang Fritsche for more info.
> 

We know it. We think it isn't done completely. But it is good for
an our start point of IPv6 IPsec implementation. We improve it.

> However, I think the USAGI people are doing their own IPsec.
> 

At the begnning, we thought to implement our own IPsec stack.
However we threw it and current our IPsec stack is based on 
6INIT( IABG ).
We implement own PF_KEYv2 parse routines. It is compatible with FreeS/WAN
in userland about ipsec commands. But we have never checked with Pluto.

> Tim
> 
> On Tue, 12 Jun 2001, Jonathan Khoo wrote:
> 
> > Hi guys,
> > 
> > I have a question regarding about IPSEC. I was looking at the kame
> > source and noticed that IPSEC was implemented under the source
> > /keme/sys/netkey. To the best of my knowledge, FreeSwan is the

Our code is deffrent from KAME's one.

> > equivalent of IPSEC for the linux platform. My question is that has it
> > been integrated into the ipv6 stack with usagi? I had downloaded version
> > 1.9 and it was mentioned in the documentations that some effort to
> > integrate FreeSwan into IPv6 is in the books. 
> > 

FreeS/WAN's people have a plan of next generation IPsec routine called KLIPS2. 
It uses Netfilter for proccesing IPsec header. I think it is a good idea.
We want to talk about IPv6 support of KLIPS2 with FreeS/WAN's people 
in Linux Symposium 2001.

Of course we considered the possibillityes of KLIPS(Current FreeS/WAN's code).
We gave up improving KLIPS to fit for IPv6. 
Because it is base on the virtual device archtecture. 
And It uses the key structure "sa_id". It specifies the address format of IPv4. 

> > Many thanks for any advices.
> > 
> > Best regards,
> > Jon
> > 
> > 
> 

Excuse me for my poor English,

Thank you.

-- Kazunori Miyazawa

Follow-Ups:
- (usagi-users 00589) protocol switch table?
  - From: Jonathan Khoo

References:
- (usagi-users 00579) freeswan and usagi
  - From: Jonathan Khoo
- (usagi-users 00580) Re: freeswan and usagi
  - From: Tim Chown

Prev by Date: (usagi-users 00583) [BUG] ND/SAA was broken on latest linux24 snapshot.
Next by Date: (usagi-users 00585) How to set default ipv6
Previous by thread: (usagi-users 00580) Re: freeswan and usagi
Next by thread: (usagi-users 00589) protocol switch table?
Index(es):
- Date
- Thread