From owner-freebsd-net Thu Nov 5 05:36:40 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA12422 for freebsd-net-outgoing; Thu, 5 Nov 1998 05:36:40 -0800 (PST) (envelope-from owner-freebsd-net@FreeBSD.ORG) Received: from inner.net (avarice.inner.net [199.33.248.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA12417 for ; Thu, 5 Nov 1998 05:36:37 -0800 (PST) (envelope-from cmetz@inner.net) Received: from inner.net (cmetz.cstone.net [205.197.102.217]) by inner.net (8.9.1/8.9.1) with ESMTP id NAA21656; Thu, 5 Nov 1998 13:21:46 GMT Message-Id: <199811051321.NAA21656@inner.net> To: Jun-ichiro itojun Itoh cc: jkh@time.cdrom.com, freebsd-net@FreeBSD.ORG Subject: Re: ipsec (VPN) for -current ? (Re: VPN through encrypted IP tunnel for FreeBSD? ) In-reply-to: Your message of "Thu, 05 Nov 1998 17:33:28 +0900." <21751.910254808@coconut.itojun.org> X-Copyright: Copyright 1998, Craig Metz, All Rights Reserved. X-Reposting: With explicit permission only Date: Thu, 05 Nov 1998 03:36:14 -0500 From: Craig Metz Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <21751.910254808@coconut.itojun.org>, you write: > The key differences are: > - OpenBSD IPsec uses PF_ENCAP kernel interface, which has no standard > as far as I know. KAME IPsec uses PF_KEY v2 defined in RFC2367. > - OpenBSD IPsec does not support IPv6. KAME IPsec supports IPv6. > Therefore, if OpenBSD IPsec and KAME IPv6 get imported, somebody > has to modify OpenBSD IPsec to support IPv6. The OpenBSD folks plan to merge the next NRL release and thus will have PF_KEYv2 and IPv6 support (which implies IPsec-for-IPv6, as it is a mandatory part of IPv6). This also means that there are some significant improvements coming soon in the OpenBSD IPsec support. It might not be sensible to integrate the OpenBSD IPsec code until after these are done. -Craig To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message