KAME/Fast IPSEC (was Re: netatm: plan for removal unless an
active maintainer is found)
George V. Neville-Neil
gnn at neville-neil.com
Fri Mar 17 02:32:44 UTC 2006
At Thu, 16 Mar 2006 08:36:19 +0000 (UTC),
Bjoern A. Zeeb wrote:
> with hopefully enough time this problem will be solved during
> the year. This will also need some netinet6 work,...
>
> What you can find at
> http://sources.zabbadoz.net/freebsd/ipv6/
> is far from being complete or fully up-to-date but it's a start...
>
Sorry to chime in late, server upgrade.
We (Bjoern, myself and a few others) are actively working on this. I
am working first to make the system work in this way:
1) INET6: Kame IPv6, no IPSec
2) INET6 + IPSEC: Pure Kame IPv6 and IPSec
3) FAST_IPSEC: v4 Fast IPSec
4) INET6 + FAST_IPSEC: Kame v6 + FAST IPsec v4 and v6
That is we will be able to use Kame IPv6 with either Kame IPSec or
FAST_IPSEC.
The long term goal is to have only one set of code for IPv6 and for
IPSec, but that is going to take a bit more work.
I have started the changes to make 4 possible in a p4 branch. For
those with access look at branches marked fast_ipsec.
I want to do a lot of testing on this before putting it into CVS and
even though there is the TAHI test framework testing takes a while and
I want to try this with some more complex real networks.
Help, of course, is always appreciated ;-)
If anyone wants to be on my "little list of concerned parties" send me
your email and I'll try to send out regular patches and mails.
Later,
George
More information about the freebsd-arch
mailing list