From owner-freebsd-security Sun Aug 22 20:43:54 1999
Delivered-To: freebsd-security@freebsd.org
Received: from trump.amber.org (trump.amber.org [209.31.146.82])
    by hub.freebsd.org (Postfix) with ESMTP id B6B5F15410
    for ; Sun, 22 Aug 1999 20:43:51 -0700 (PDT)
    (envelope-from petrilli@amber.org)
Received: by trump.amber.org (Postfix, from userid 1000)
    id 4F59C1862A; Sun, 22 Aug 1999 23:43:51 -0400 (EDT)
Message-ID: <19990822234351.D18458@amber.org>
Date: Sun, 22 Aug 1999 23:43:51 -0400
From: Christopher Petrilli
To: freebsd-security@FreeBSD.ORG
Cc: avalon@coombs.anu.edu.au
Subject: Re: VPN for FreeBSD 2.2.8 and 3.2
References: <19990822231452.A18458@amber.org> <199908230336.NAA21519@cheops.anu.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199908230336.NAA21519@cheops.anu.edu.au>; from Darren Reed on Mon, Aug 23, 1999 at 01:36:16PM +1000
X-Disclaimer: I hardly speak for myself, muchless anyone else.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Aug 23, 1999 at 01:36:16PM +1000, Darren Reed wrote:
> In some mail from Christopher Petrilli, sie said:
> >
> > On Mon, Aug 23, 1999 at 01:11:23PM +1000, Darren Reed wrote:
> > > In some mail from Nicholas Brawn, sie said:
> > > >
> > > > Have a look at www.kame.net, and see if it fits your requirements. KAME is
> > > > a freely available IPv6 & IPSec stack for BSD (developed in Japan).
> > >
> > > You mean it's not yet integrated into FreeBSD ?!
> >
> > No, and never will be so long as ITAR stands, and the FreeBSD group is
> > based in the United States. This is why OpenBSD has to jump through so
> > many hoops to stay legal.
>
> Bah, so FreeBSD will be InSecureBSD ? Well, so long as the ITAR bear
> stands around making grizzly noises at people, it seems.

Is this flamebait really necessary? FreeBSD is hardly insecure, and for 99.999999% of the situations, set up by a knowledgeable administrator, is every bit as secure as OpenBSD, or anything else.

IPsec, while a great idea, has hardly been a resounding success outside of tightly controlled remote access VPN solutions at companies. If you've ever tried to set it up, you'd understand why. Without a complete PKI infrastructure to back it up, it won't ever succeed. Been there, done that.

Additionally, many applications are VERY sensitive to latency introduction, especially things like VoIP and video, and in that situation, software solutions aren't acceptable because of their non-deterministic behaviour.

> > Unfortunately, the KAME integration isn't for the faint of heart.
> >
> > Chris
>
> FreeBSD appears to be doing better than the other two groups in terms
> of resources...there are ways around it although I'm disappointed to
> see that FreeBSD isn't interested.

I doubt it's a lack of interest, but a lack of someone taking the initiative... someone in a country that could deal with it, and deal with all the other nightmarish issues of distribution since Walnut Creek couldn't do it any more.

Chris
--
| Christopher Petrilli        ``Television is bubble-gum for
| petrilli@amber.org            the mind.''-Frank Lloyd Wright

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message