Date: Fri, 01 May 2009 16:01:47 +0200 From: Ana Kukec <anchie@fer.hr> To: Jan Melen <jan@melen.org> Cc: freebsd-hackers@freebsd.org Subject: Re: IPsec in GENERIC kernel config Message-ID: <49FB00CB.5080402@fer.hr> In-Reply-To: <49F5B6F8.4040808@melen.org> References: <49F5B6F8.4040808@melen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Jan, Jan Melen wrote: > Hi, > > Again when I compiled a custom kernel just to enable IPsec in the > FreeBSD kernel it came to my mind why is it so that the IPsec is not > enabled by default in the GENERIC kernel configuration file? At least > for me the GENERIC kernel configuration would do just fine if the > IPsec would be enabled in it by default. Now I have to build a custom > kernel just for IPsec btw IPsec is even mandatory for a host > supporting IPv6. > > IETF just says that IPsec support is mandatory in IPv6, but IPsec use is not. Most of current IPv6 implementations do not include IPsec, and there is nothing unusual with that. It is mainly about the performance, but there are also other issues, mainly security ones, e.g. it actually cannot defend against DoS attacks and cannot strictly eliminate spoofing, it is only a network-level security tool.. and there are still lots of incompatibility issues between different vendors' implementations of IPsec.. etc.. Ana
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49FB00CB.5080402>