Date: Fri, 12 Mar 1999 01:32:04 +0100 (CET) From: "Marco Molteni" <molter@tin.it> To: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu> Cc: freebsd-security@FreeBSD.ORG Subject: IKE daemons (was: Re: disapointing security architecture) Message-ID: <Pine.BSF.3.96.990312012243.407B-100000@nympha> In-Reply-To: <199903110155.UAA23785@adk.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Mar 1999, Angelos D. Keromytis wrote: > >> > An other point OpenBSD made some steps forward: they have IPSec > >> > (PF_KEY v2 !!). > >> > >> 1. PF_KEY != IPsec. > > Sorry for jumping in here, I'd just like to point out that OpenBSD > does have an IPsec stack as well (has had one for a bit over 2 years); > PFKEYv2 was added recently, replacing the PFENCAP interface used before. Angelos, maybe I wasn't clear. What I meant was simply that PF_KEY isn't IPsec (it's just an API), not that, since OpenBSD has PF_KEY, it hasn't IPsec. I know OpenBSD has the NRL code. > If you use the KAME code, I would suggest using the OpenBSD isakmpd with > it (once it's been converted to PFKEYv2, should be before the end of the > month). This could be a really interesting thing. I'm doing something near to impossible, Multicast IPsec key distribution. As platform I'm using FreeBSD+KAME with some custom patches. What is isakmpd ? Is it an IKE daemon? I saw in the NRL IPsec web pages that they have two IKE/ISAKMP daemons, one from Cisco, but both aren't available outside the USA. Basically I'm looking for some sample code using PF_KEY to do key exchanges. Marco --- "Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?" "I'm sorry, this is device driver testing: brain implants are two doors down on the right". (Bill Paul, on the freebsd-net mailing list) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990312012243.407B-100000>