
(usagi-users 02258) Re: Various USAGI questions



Hello, 

Sorry for my late reply.

On Fri, 7 Mar 2003 16:35:51 +0100
jeremie le-hen <le-hen_j@xxxxxxxx> wrote:

> 
> AFAIK, USAGI is in tight collaboration with the KAME project, which is known
> to be the most advanced implementation of IPv6/IPSec standards. Therefore a
> few questions come to mind, that I was not able to find answers to in the archives:
> 	- Since when does this collaboration exist?

Since the beginning of USAGI Project.

> 	- How much code is shared between the two implementations? (Indeed,
> I know KAME is the most compatible IPv6/IPSec stack, and it would be fine if
> USAGI took advantage of it.)
> 
Because the Linux IP stack is different from *BSD's, we implemented IPsec
independently from KAME in Linux kernel-2.4.x. We check the conformance with
the TAHI test suite. And we joined some interoperability test events to check the
interoperability of our stack. It is fine.
Of course we are close to the KAME Project and we discuss IPsec design and implementation.

> I recently read that racoon(8) IKE has been ported to Linux. Since I'm a BSD
> guy, I'm much more familiar with it than with ipsec_pluto(8), which has a
> more complex configuration file. But what about the supported features, does
> anyone know the differences between these two IKEs? Which one has the best
> interoperability with other IKE implementations?
> 
I guess the FreeS/WAN team considers security more important than interoperability,
which is their policy. They gave up supporting single DES and DH group 1 for that reason.
If you want interoperability, you had better use racoon.

I think pluto configuration is not so complex.
There is, however, a restriction on algorithms.

> FreeS/WAN documentation provides an "interoperability document" (see
> below) which basically describes FreeS/WAN behaviour against various other
> IPSec implementations. Does any similar study exist for USAGI? If not,
> maybe I can refer to the ones made for KAME, if these two implementations
> are close enough.
>
No. There is no document about interop. I know we should do that,
but we are currently spending our time implementing the IPsec stack
(current target linux-2.5.x).

> Finally, if you heard something about a recent document (less than 3 months)
> which makes the comparison between USAGI and FreeS/WAN, it would be a
> great help for me.
> 
> FreeS/WAN interoperability document:
> http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/interop.html
> 
> 
> Excuse me for my poor English, I'm working hard to improve it... :)
> 

Never mind, me too. :-)
Thank you, 


--Kazunori Miyazawa (Yokogawa Electric Corporation)