[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02254) Various USAGI questions

To: usagi-users@xxxxxxxxxxxxxx
Subject: (usagi-users 02254) Various USAGI questions
From: jeremie le-hen <le-hen_j@xxxxxxxx>
Date: Fri, 7 Mar 2003 16:35:51 +0100
Reply-to: usagi-users@xxxxxxxxxxxxxx
User-agent: Mutt/1.4i

Hi,

I'm currently trying to compare the two Linux IPSec implementations, USAGI
and FreeS/WAN. I know USAGI's kernel patch as been merged in the 2.5 serie,
and so it will certainly be the main IPSec implementation for Linux as soon
as first 2.6 kernels will be released.

My company actually uses FreeS/WAN with a 2.2 kernel for their firewall
solution. My job is to create the new version of the latter, using all
<< recent >> networking features available in 2.4 kernels, or even in future
2.6 ones. I'm looking for the current advantages and drawbacks of each
implementation, such as configuration easiness, supported features, ...

AFAIK, USAGI is in tight collaboration with the KAME project, which is known
to be the most advanced implementation of IPv6/IPSec standards. Therefore a
few questions comes in mind, that I was not able to find answers on archives :
	- Since when does this collaboration exist ?
	- How much code is shared between the two implementations ? (Indeed,
I know KAME is the most compatible IPv6/IPSec stack, and it would be fine if
USAGI took advantage of it.)

I recently read that racoon(8) IKE as been ported to Linux. Since I'm a BSD
guy, I'm much more familiar with it than with ipsec_pluto(8), which has a
more complex configuration file. But what about the supported features, does
anyone know the differences between these two IKEs ? Which one has the best
interoperability with other IKE implementations ?

FreeS/WAN documentation provides an << interoperability document >> (see
below) which basically describes FreeS/WAN behaviour against various other
IPSec implementations. Does any similar study exist for USAGI ? If not,
maybe I can refer to the ones made for KAME, if these two implementations
are close enough.

I'm also looking for some documents or webpage that relates the future goals
of each project, unfortunately I was not able to find such document with
Google.

Finally, if you heard something about a recent document (less than 3 months)
which makes the comparision between USAGI and FreeS/WAN, it would be a
great help for me.

FreeS/WAN interoperability document:
http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/interop.html


Excuse me for my poor english, I'm working hard to improve it... :)

Thanks in advance.
Best regards,
-- 
Jeremie aka T{ata,t}Z
le-hen_j@xxxxxxxx

Follow-Ups:
- (usagi-users 02258) Re: Various USAGI questions
  - From: Kazunori Miyazawa

Prev by Date: (usagi-users 02255) Re: Raw socket + IPv6 = sendto invalid argument
Next by Date: (usagi-users 02256) a question about mobile ipv6
Previous by thread: (usagi-users 02255) Re: Raw socket + IPv6 = sendto invalid argument
Next by thread: (usagi-users 02258) Re: Various USAGI questions
Index(es):
- Date
- Thread