From owner-freebsd-net@FreeBSD.ORG  Sat Jul 19 04:14:40 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 616AD37B401; Sat, 19 Jul 2003 04:14:40 -0700 (PDT)
Received: from epita.fr (hermes.epita.fr [163.5.255.10])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id D3C0F43F3F; Sat, 19 Jul 2003 04:14:38 -0700 (PDT)
	(envelope-from le-hen_j@epita.fr)
Received: from carpediem (carpediem.epita.fr [10.42.42.5])
	by epita.fr id h6JBEQT17774
	Sat, 19 Jul 2003 13:14:26 +0200 (CEST)
Date: Sat, 19 Jul 2003 13:14:25 +0200
From: jeremie le-hen <le-hen_j@epita.fr>
To: John Morgan Salomon <john@zog.net>
Message-ID: <20030719111425.GA12739@carpediem.epita.fr>
References: <20030718171119.Y78744@borg-cube.com>
	<20030719082957.U370@worf.jawa.at> <3F190A4F.8050203@zog.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3F190A4F.8050203@zog.net>
User-Agent: Mutt/1.4i
cc: freebsd-net@freebsd.org
cc: Donald Burr of Borg <dburr@borg-cube.com>
cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Setting up a multi-platform VPN?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Jul 2003 11:14:40 -0000

On Sat, Jul 19, 2003 at 11:07:27AM +0200, John Morgan Salomon wrote:
> You want KAME (http://www.kame.net).  It is in 4.x.  RACCOON is just
> the key management/exchange component of KAME. 
> 
> IPSEC (read the RFCs) is your best bet for inter-platform vpn connections.
> There are a number of FreeBSD implementations, although kame is probably
> your best bet for connecting to FreeSWAN/Cisco/CheckPoint/whatever.

Linux has two different implementations of IPSec, the most popular is
FreeS/WAN. The other one is called USAGI (http://www.linux-ipv6.org/) and
it is in a very close collaboration with the KAME project (see USAGI project
overview). Indeed it uses the same IKE daemon (racoon) and its configuration
is exactly the same as KAME's one. Furthermore, USAGI will be the official
IPSec implementation for 2.6 kernel series (it is already merged in the 2.5
source tree). Of course USAGI is also available for 2.4 kernels.

So I think using USAGI on your friend's Linux laptop is a good choice,
because it will save you understanding one more IPSec implementation and
configuration, in case you decide to use IPSec of course... :-)

Regards,
-- 
Jeremie aka TtZ
jeremie.le-hen@epita.fr