Milan P. Stanic was heard to utter, at roughly 03/03/04 00:25:
On Tue, Mar 02, 2004 at 03:37:52PM -0600, Jacques Normand wrote:On Tue, Mar 02, 2004 at 10:08:22PM +0100, J.H.M. Dassen (Ray) wrote:If you're looking for a VPN solution, by all means look at FreeS/WAN (or its likely successor, OpenSWAN). Just forget about OE. OE isn't about the type of security you're looking for in a VPN.And what about the ipsec system in the 2.6 kernel (KAME) and the racoon daemon for initial key exchange? It does the same work as freeswan but it is still developped..FreeS/WAN is "orphaned" upstream. OpenSWAN is based on FreeS/WAN and as such it does not work with 2.6.
As others have mentioned, v2 of both FreeSWAN and OpenSWAN work with the native IPSEC strack of 2.6.x. You do need the ipsec-tools package too.
I'm not sure but I think that Herbert Xu (Debian kernel maintainer) added patches to pluto (FreeS/WAN IKE daemon) to work with IPSec in the kernel 2.6.x
Herbert also added the backport of the native IPSEC stack from 2.6 to the Debian kernels from 2.4.22 onwards IIRC. It's certainly in 2.4.25. I've not tried these kernels and the native IPSEC in combination with FreeSWAN yet but intend to do so soon.
Racoon is in FreeBSD for few years and is actively developed.
What is Racoon like in terms of configuration ease? I've used FreeSWAN and wilst it's not the easiest to set up, once you've got your head around it, it does make sense.
Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com