Re: Support for L2TP/IPsec

From: Dan Williams <dcbw redhat com>
To: David Smith <dds google com>
Cc: networkmanager-list gnome org
Subject: Re: Support for L2TP/IPsec
Date: Mon, 02 Jun 2008 14:47:01 -0400

On Mon, 2008-06-02 at 10:57 +0900, David Smith wrote:
> Dan Williams <dcbw redhat com> writes:
> 
> > On Sun, 2008-05-25 at 20:19 +0900, David Smith wrote:
> >> Vincent Bernat <bernat luffy cx> writes:
> >> 
> >> > OoO En cette  aube naissante du dimanche 25 mai  2008, vers 07:10, David
> >> > Smith <dds google com> disait:
> >> >
> >> >> Vincent, in your setup is there a strong reason you are using openswan
> >> >> instead of strongswan? Please share.
> >> >
> >> > Hi David!
> >> >
> >> > I have not tried StrongSWAN, so I have no reason to use OpenSWAN instead
> >> > of StrongSWAN.
> >> 
> >> OK, could you please double-check that your configuration works with
> >> strongswan as well as openswan? I want to propose that we focus on one
> >> IKE implementation and considering the features available in strongswan,
> >> that it works with the most server implementations especially Windows
> >> 2003 and 2008 Server and that it supports smartcards the best make it a
> >> lead contender. Dan, what do you think of deciding on an IKE? Something
> >> like a bake-off?
> >
> > It mostly depends on what the various distros will be willing to
> > package.  I don't have a strong preference since I know next to nothing
> > about either of them.  But if we "bless" one then we have to have a
> > pretty convincing story as to why we chose one over the other, so that
> > we can tell that story to distros when they start asking why they need
> > to package something else that has roughly the same functionality as
> > something they already have.
> >
> > Is strongswan a fork of openswan?  If so, was openswan upstream
> > reluctant to take certain patches and thus the strongswan fork?
> 
> There is a lot of material about strongswan and openswan's development
> history in http://www.strongswan.org/docs/LinuxTag2008-strongSwan.pdf
> . Even a nice tree of the forks.
> 
> It seems that strongswan and openswan both split away from frees/wan for
> different reasons: openswan was the branch that Xelerance developed for
> their commercial network services and strongswan was community developed
> to keep making a better linux IKEv1 and then v2 implementation.
> 
> > Is there an intention to merge strongswan back into openswan in the
> > future?  That sort of thing.  Unfortunately the politics matter to
> > distros...
> 
> Nobody on either list has hinted at anything like that, though
> anything's possible.

If they can co-exist then we're probably OK, I guess.

Dan

References:
- Re: Support for L2TP/IPsec
  - From: David Smith

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]