KAME/Fast IPSEC (was Re: netatm: plan for removal unless an
active maintainer is found)
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Thu Mar 16 08:40:13 UTC 2006
On Thu, 16 Mar 2006, Massimo Lusetti wrote:
Hi,
> On Wed, 2006-03-15 at 22:59 +0100, Pawel Jakub Dawidek wrote:
>
>> Let me add my two cents. There are actually two things to do with KAME
>> IPsec: MPSAFE and crypto(9) support and only one thing (IPv6) in case of
>> fast_ipsec(4), so I think it will be much easier to add IPv6 support to
>> fast_ipsec(4) and just drop KAME IPsec, so we can have one, full
>> functional IPsec stack.
>>
>> This is really confusing for the users. When I first heard of
>> fast_ipsec(4) I thought it only works with crypto HW and if I need to do
>> cryptography in software I need KAME IPsec.
>>
>> But that's just an opinion of a passive observer:)
>
> I also would like to see more clearness on this, Pawel is right saying
> it's a confusing situation.
with hopefully enough time this problem will be solved during
the year. This will also need some netinet6 work,...
What you can find at
http://sources.zabbadoz.net/freebsd/ipv6/
is far from being complete or fully up-to-date but it's a start...
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
More information about the freebsd-arch
mailing list