Re: An IPsec tunnel implementation for Linux using CryptoAPI

From: Herbert Valerio Riedel (hvr@hvrlab.org)
Date: Wed Apr 24 2002 - 08:40:25 EST

Next message: rwhron@earthlink.net: "Re: 2.5.9 -- OOPS in IDE code (symbolic dump and boot log included)"
Previous message: Jens Axboe: "Re: 2.5.9 -- OOPS in IDE code (symbolic dump and boot log included)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

hello!

On Wed, 2002-04-24 at 00:17, Tobias Ringstrom wrote:
> A little bit off-topic perhaps, but I'd like to congratulate you all on an
> extremely useable piece of software! When I decicided to make a
> light-weight IPsec tunnel implementation some time ago I decided very
> early on to use your CryptoAPI, and found it really easy to use.
>
> I now have a version of my IPsec tunnel implementation that seems to work
> just fine, and I think it's time to let you guys have a peek at it. You
> can find the code and a first stab at actual documentation at
>
> http://ringstrom.mine.nu/ipsec_tunnel/
>
> Please remeber that this is an early version, and I do not guarantee
> anything. It does seem to interoperate with OpenBSD's IPsec though, and I
> have been using it for several weeks myself.
>
> And yes, I've heard about FreeS/WAN... :-)
>
> I'm interested in any comments or questions!

I decided to CC this reply to the lkml, since IMO more people should
know about this implementation of yours.

I've taken a quick look at your webpage and the source code itself...
one thing I saw is, that your implementation doesn't require any
modification to the main kernel -- i.e. no patching required -- it's a
plugin... just like CIPE... (which btw uses cryptoapi as well in its
latest code base)
(thus you don't even need to reboot your system in order to enable
lightweight IPSEC in your kernel...)
-- this fits well with the cryptoapi, which can add modular crypto
support without needing to patch or reboot your kernel...

I think, some people will like this lightweight IPSEC/IPv4
implementation, since it doesn't have the eroute/route-filtering
facility of frees/wan...

on the other hand, it's not a complete IPSEC implementation (yet)... it
only implements ESP for tunneling purposes, and lacks AH and IKE....
and frees/wan offers some advanced features like compression and icmp
handling, which ipsec_tunnel may still lack...

regards,

-- Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840 Email: hvr@hvrlab.org / Finger hvr@gnu.org for GnuPG Public Key GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142

application/pgp-signature attachment: This is a digitally signed message part

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: rwhron@earthlink.net: "Re: 2.5.9 -- OOPS in IDE code (symbolic dump and boot log included)"
Previous message: Jens Axboe: "Re: 2.5.9 -- OOPS in IDE code (symbolic dump and boot log included)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Apr 30 2002 - 22:00:09 EST