From owner-freebsd-net Thu Nov 5 01:42:17 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id BAA13994
        for freebsd-net-outgoing; Thu, 5 Nov 1998 01:42:17 -0800 (PST)
        (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA13870;
        Thu, 5 Nov 1998 01:41:59 -0800 (PST)
        (envelope-from itojun@itojun.org)
Received: from localhost (itojun@localhost.itojun.org [127.0.0.1])
        by coconut.itojun.org (8.9.1+3.1W/3.7W/smtpfeed 0.89) with ESMTP id SAA22945;
        Thu, 5 Nov 1998 18:41:48 +0900 (JST)
To: "Jordan K. Hubbard"
cc: Andreas Klemm, Mike Tancsa, Juergen Nickelsen,
        freebsd-net@FreeBSD.ORG, jkh@FreeBSD.ORG, joerg@FreeBSD.ORG
In-reply-to: jkh's message of Thu, 05 Nov 1998 00:43:23 PST.
        <18416.910255403@time.cdrom.com>
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2
Subject: Re: ipsec (VPN) for -current ? (Re: VPN through encrypted IP tunnel for FreeBSD? )
From: Jun-ichiro itojun Itoh
Date: Thu, 05 Nov 1998 18:41:48 +0900
Message-ID: <22941.910258908@coconut.itojun.org>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>> - OpenBSD uses PlutoPlus, and KAME uses racoon for IKE daemon.
>Can you perhaps say a few words on the differences between these two?

Pluto was originally written by Angelos Keromytis, and is maintained
in several places separately. OpenBSD, NIST (nist.gov), and FreeS/WAN
use Pluto-variant IKE daemons. Since they are maintained by separate
people, and seem to be heavily modified by each party (to fit with the
kernel API used by each party), they should be considered as different
programs.

I dunno much about the internals (supported crypto algorithms,
negotiations and so forth) of the PlutoPlus that is bundled with OpenBSD.
The KAME IKE daemon (racoon) was tested with the FreeS/WAN Pluto variant
and the NIST Pluto variant and worked fine with them. I have never tested
with the OpenBSD guys, but I think I can try that soon if needed.

There is NO standard IKE codebase, there is NO mature IKE program, IMHO.
Interop testing still has big troubles. I think it is still too early to
recommend some IKE daemon over some others.

itojun