IPsec in GENERIC kernel config

Ana Kukec anchie at fer.hr
Fri May 1 14:01:54 UTC 2009


Hi Jan,


Jan Melen wrote:
> Hi,
>
> Again when I compiled a custom kernel just to enable IPsec in the 
> FreeBSD kernel it came to my mind why is it so that the IPsec is not 
> enabled by default in the GENERIC kernel configuration file? At least 
> for me the GENERIC kernel configuration would do just fine if the 
> IPsec would be enabled in it by default. Now I have to build a custom 
> kernel just for IPsec. Btw, IPsec is even mandatory for a host 
> supporting IPv6.
>
>  

The IETF just says that IPsec support is mandatory in IPv6, but IPsec use is 
not. Most of the current IPv6 implementations do not include IPsec, and 
there is nothing unusual about that. It is mainly about the performance, 
but there are also other issues, mainly security ones, e.g. it actually 
cannot defend against DoS attacks and cannot strictly eliminate 
spoofing, it is only a network-level security tool... and there are still 
lots of incompatibility issues between different vendors' 
implementations of IPsec, etc.

Ana

