the only VPN solution is not in rh

Wil Cooley wcooley at nakedape.cc
Wed Oct 22 20:25:49 UTC 2003


On Wed, 2003-10-22 at 07:39, Farkas Levente wrote:
> hi,
> currently there is not any real vpn solution in rh distro. what are the 
> alternatives:
> - freeswan (ipsec)
> - cipe
> - openvpn
> 
> although ipsec is the future, it has many probles. the old kernel 
> implementation is not accepted while the new is just in the 2.6 series 
> (the backport is...) and the freeswan's user space part is not compiled 
> for the the ipsec implementation. and we don't the quality of that part 
> of the code (that was the reason why the old kernel psace can't get into 
> the kernel). the x509 patch still not in the mainstream freeswan which 
> is essential for windows clients. imho it needs a year to be stable and 
> usable.

FreeS/WAN has problems, but it does work.  I'd much rather see FreeS/WAN
support than anything; it's standard and interoperates with lots of
other IPSEC implementations; CIPE and OpenVPN are, AFAICT, not widely
supported and "proprietary" (in the sense that they're non-standard and
not even seeking standardization).  FreeS/WAN itself works well enough
as an external module; they only problem is if you want NAT-Traversal,
it would need a patch to the actual kernel.

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
* * * * * * * Good, fast and cheap: Pick all 3! * * * * * * *
*   Naked Ape Consulting                http://nakedape.cc  *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20031022/da3f2ce9/attachment.sig>


More information about the fedora-devel-list mailing list