Hi --
I've been unable to find much discussion of what IPsec
features should be built into 2.5 / 2.6 to ensure a
reasonable level of usability and scalability.
For example, consider the challenge of establishing an
ordinary VPN where N-1 of the gateways have changeable
wild-side IP addresses. AFAICT nobody knows how to get
racoon to do this.
People were hoping that the new IPsec implementation
would be a step forward. If it can't support road
warriors it might be considered a step backwards.
Mr. Atkins recently offered to look into the road-warrior
issue in particular ...
http://lists.freeswan.org/pipermail/design/2003-March/004575.html
... but the overall question remains: What has been
done to ensure completeness and coherence of the
design in general?
Is there a document somewhere listing the set of
desirable features and the status thereof? If not,
it's high time to create one.
If you want to know what sort of features I'm talking
about, please see
http://www.monmouth.com/~jsd/vpn/ipsec+routing/feature-list.htm
Some of the listed features are obvious and already implemented
or at least promised. But others may be less obvious and their
status is not clear.
|