From owner-freebsd-hackers  Fri Mar 20 02:15:34 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA02013
          for freebsd-hackers-outgoing; Fri, 20 Mar 1998 02:15:34 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from itesec.hsc.fr (root@itesec.hsc.fr [192.70.106.33])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA02003
          for <FreeBSD-Hackers@FreeBSD.ORG>; Fri, 20 Mar 1998 02:15:25 -0800 (PST)
          (envelope-from pb@hsc.fr)
Received: from mars.hsc.fr (pb@mars.hsc.fr [192.70.106.44])
	by itesec.hsc.fr (8.8.8/8.8.5/itesec-1.12-nospam) with ESMTP id LAA12370;
	Fri, 20 Mar 1998 11:14:59 +0100 (MET)
Received: (from pb@localhost)
	by mars.hsc.fr (8.8.5/8.8.5/pb-19970301) id LAA02406;
	Fri, 20 Mar 1998 11:13:48 +0100 (MET)
Message-ID: <19980320111347.GL52250@mars.hsc.fr>
Date: Fri, 20 Mar 1998 11:13:47 +0100
From: Pierre.Beyssac@hsc.fr (Pierre Beyssac)
To: baum@actcom.co.il (Alexander Indenbaum)
Cc: gary@hotlava.com (Gary Howland), FreeBSD-Hackers@FreeBSD.ORG
Subject: Re: IPSec
References: <Pine.SUN.3.96-heb-2.07.980319203057.8219A-100000@actcom.co.il>
X-Mailer: Mutt 0.59.1e
Mime-Version: 1.0
In-Reply-To: <Pine.SUN.3.96-heb-2.07.980319203057.8219A-100000@actcom.co.il>; from Alexander Indenbaum on Mar 19, 1998 20:58:03 +0200
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

According to Alexander Indenbaum:
> After checking I found out that IPSec is already implemented under
> OpenBSD, so as a beginning we're probably going to port OpenBSD code
> to FreeBSD.
> 
> Does anyone already working on it?

IPSEC for FreeBSD would really be a nice thing to have ! Meanwhile,
you can use the SKIP package which is a very similar approach but
AFAIK isn't 100% IPsec compatible (uses protocol number 57).

There's also the INRIA IPv6 code which seems to implement bits and
pieces of IPsec. I don't the code well enough yet to know if it's
only IPsec/IPv6 or if it does IPsec/IPv4 too. I also don't know if
it's functional yet (there's something in the TODO list about testing
it). It's distributed without stuff like MD5/SHA/DES due to the
ridiculous french law on cryptography control, but it shouldn't be very
difficult to put that back in based on freely distributable versions, all
the hooks are already in.

Maybe you can try their patches for FreeBSD 2.2.5 and see if there's
a lot of work involved in making it work for IPv4 too. It's available
at ftp://ftp.inria.fr/network/ipv6/.

I'm currently porting this to -current and might have a look at the
IPsec part too, once I've got basic IPv6 functionalities working.
-- 
Pierre.Beyssac@hsc.fr

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message