Future of VPN: CIPE or IPSEC?
Nasturas George
geo at altamira.vaslui.rdsnet.ro
Wed Nov 19 10:30:56 UTC 2003
what about OpenVPN ?
On Wed, 2003-11-19 at 12:28, Felipe Alfaro Solana wrote:
> On Wed, 2003-11-19 at 10:30, Christians, Stefan Mr. wrote:
>
> > 1) The reasons we had for choosing IPSEC over CIPE turned out to be
> > non-issues (all arguments we had for using IPSEC were never used, needed
> > or implemented).
>
> I have heard that CIPE is plagued of security problems and lacks a good
> design. IPSec, however, is a backport of the same functionality from
> IPv6 and I think it's a proven technology.
>
> > So now the big question for us is whether we should migrate our VPN
> > routers to Fedora Core 1 and convert them to CIPE, or whether we should
> > wait a few more months until the 2.6 kernel with integrated IPSEC is
> > included in the standard distribution.
>
> AFAIK, Fedora kernel doesn't rely on FreeSWAN anymore. Instead, they
> have backported the IPSec code from 2.6 kernels that is based on
> KAME/USAGI stack.
>
> > The key question here is whether CIPE will be maintained as a Fedora
> > Package once the 3.6 kernel is distributed, or whether it will gradually
> > be phased out. We want to avoid converting to CIPE now and then back to
> > IPSEC again after a year.
>
> I think you'd better stick with IPSec.
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-list
--
geo,
"Don't cry because it's over, smile because it happned !"
More information about the fedora-list
mailing list