From owner-freebsd-security Tue Feb 4 15:07:12 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA20871 for security-outgoing; Tue, 4 Feb 1997 15:07:12 -0800 (PST) Received: from cs.pdx.edu (root@cs.pdx.edu [204.203.64.22]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA20856 for ; Tue, 4 Feb 1997 15:07:08 -0800 (PST) Received: from sirius.cs.pdx.edu (root@sirius.cs.pdx.edu [204.203.64.13]) by cs.pdx.edu (8.8.5/8.8.5) with ESMTP id PAA23337 for ; Tue, 4 Feb 1997 15:07:01 -0800 (PST) Received: from localhost (jrb@localhost [127.0.0.1]) by sirius.cs.pdx.edu (8.8.5/8.8.5) with ESMTP id PAA18695 for ; Tue, 4 Feb 1997 15:06:59 -0800 (PST) Message-Id: <199702042306.PAA18695@sirius.cs.pdx.edu> To: freebsd-security@FreeBSD.org Subject: release of ipsec for freebsd In-reply-to: Your message of "Tue, 13 Aug 1996 09:48:47 +0200." <199608130748.AA198942528@euro.eurocontrol.fr> Date: Tue, 04 Feb 1997 15:06:58 -0800 From: Jim Binkley Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk If anyone should be interested in the IP Security WG efforts (IPSEC wg), we have made a port of last summer's NRL/ipsec code for IPv4 (not v6) into freebsd 2.1.0, which is our current Mobile-IP kernel src base. This is NOT just mobile-ip oriented, but is aimed at more general network security. The src includes some test apps, some but not all NRL supplied utilities, some test apps of our own, and complete kernel src. In order to get the release, please see the web page: http://www.cs.pdx.edu/research/SMN/index.html, and page down to "PSU IPSEC/FreeBSD port". You have to grab two gzip'ed tar archives, one at PSU, and one at MIT. The latter is for the "export controlled" portion. a few feature (or lack thereof) points: 1. for IPv4, not IPv6 2. experimental!. you must be a kernel hacker 3. NRL's ipsec was transport (socket) oriented. We kept that and added a 1st cut routing binding too (you can view this as a virtual private network mechanism). 4. routes using route(8) or arp(8) can have a ESP/DES binding (and RSN will have an AH/ binding too). 5. our virtual tunnel driver which is part of our MIP implementation but is crucial to the IPSEC stuff too. 6. our Mobile-IP (MIP) kernel routing hacks which don't hurt anything normal and can be ignored if you don't care about Mobile-IP. 7. a couple of simple tcp/udp apps to test and demo the transport (socket) IPSEC bindings. 8. btw, the NRL key(8) utility has been renamed as ipkey(8), as key() already existed. 9. includes (obviousally) NRL's key socket in its form as of last summer. We are starting a majordomo mailing list at PSU. the list name is: freebsd-ipsec@cs.pdx.edu, majordomo@cs.pdx.edu to join. We do not guarantee to "maintain" this or fix bugs or whatever. We are however in the process of improving it and are hoping to finish some parts, and fix some bugs in another release in a few months. Jim Binkley jrb@cs.pdx.edu