Re: Support for L2TP/IPsec

From: David Smith <dds google com>
To: Dan Williams <dcbw redhat com>
Cc: networkmanager-list gnome org
Subject: Re: Support for L2TP/IPsec
Date: Mon, 02 Jun 2008 10:57:05 +0900

Dan Williams <dcbw redhat com> writes:

> On Sun, 2008-05-25 at 20:19 +0900, David Smith wrote:
>> Vincent Bernat <bernat luffy cx> writes:
>> 
>> > OoO En cette  aube naissante du dimanche 25 mai  2008, vers 07:10, David
>> > Smith <dds google com> disait:
>> >
>> >> Vincent, in your setup is there a strong reason you are using openswan
>> >> instead of strongswan? Please share.
>> >
>> > Hi David!
>> >
>> > I have not tried StrongSWAN, so I have no reason to use OpenSWAN instead
>> > of StrongSWAN.
>> 
>> OK, could you please double-check that your configuration works with
>> strongswan as well as openswan? I want to propose that we focus on one
>> IKE implementation and considering the features available in strongswan,
>> that it works with the most server implementations especially Windows
>> 2003 and 2008 Server and that it supports smartcards the best make it a
>> lead contender. Dan, what do you think of deciding on an IKE? Something
>> like a bake-off?
>
> It mostly depends on what the various distros will be willing to
> package.  I don't have a strong preference since I know next to nothing
> about either of them.  But if we "bless" one then we have to have a
> pretty convincing story as to why we chose one over the other, so that
> we can tell that story to distros when they start asking why they need
> to package something else that has roughly the same functionality as
> something they already have.
>
> Is strongswan a fork of openswan?  If so, was openswan upstream
> reluctant to take certain patches and thus the strongswan fork?

There is a lot of material about strongswan and openswan's development
history in http://www.strongswan.org/docs/LinuxTag2008-strongSwan.pdf
. Even a nice tree of the forks.

It seems that strongswan and openswan both split away from frees/wan for
different reasons: openswan was the branch that Xelerance developed for
their commercial network services and strongswan was community developed
to keep making a better linux IKEv1 and then v2 implementation.

> Is there an intention to merge strongswan back into openswan in the
> future?  That sort of thing.  Unfortunately the politics matter to
> distros...

Nobody on either list has hinted at anything like that, though
anything's possible.

- dds

Attachment: pgpLix3klTvZi.pgp
Description: PGP signature

Follow-Ups:
- Re: Support for L2TP/IPsec
  - From: Dan Williams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]