Re: Support for L2TP/IPsec



On Fri, 2008-05-23 at 21:29 +0200, Vincent Bernat wrote:
> OoO Early in the evening of Friday, 23 May 2008, around 21:23, I was
> saying:
> 
> > Well, this would be a bit difficult. There are other IKE daemons that may be
> > configured this way:
> >  - isakmpd from OpenBSD can be entirely configured using a named
> >    pipe
> >  - iked from Shrew Soft VPN client has an IKE daemon that can also
> >    be configured in a similar way
> 
> Another thing to know about those IKE daemons is that only one can run
> on the system. Therefore, contrary to PPTP, we cannot just spawn a new
> one for each connection. The same IKE daemon can handle many IPsec
> tunnels.

That gets interesting, and that means that we need to be able to talk to
the IKE daemon directly using a socket or something so we can have it
bring the tunnels up or down, and so that we can get status when a
tunnel dies or whatever.  The last one is pretty critical, so that we
can notify the user that something has happened and that's why their VPN
is no longer working.

Dan



