netdev
[Top] [All Lists]

ipsec, nat-t, iproute2?

To: netdev@xxxxxxxxxxx
Subject: ipsec, nat-t, iproute2?
From: bert hubert <ahu@xxxxxxx>
Date: Fri, 30 Jul 2004 19:07:26 +0200
Mail-followup-to: bert hubert <ahu@xxxxxxx>, netdev@xxxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.3.28i
Hi people,

I'm once again trying to get a hang of the state of ipsec in linux, and I
have some questions.

1) One can configure ipsec over netlink (XFRM_USER), is this the preferred
interface? Is it documented somehwere, or is there some source which uses
this interface? Alternatively, is PFKEY considered deprecated?

2) I hear people are working on iproute so it can use XFRM_USER, is this
code available somewhere?

3) NAT-Traversal, how does one set this up either using setkey,
iproute2+stuff, or XFRM_USER? Is it supposed to work right now?
Is NAT-T 'UDP_ENCAP_ESPINUDP'?

Thanks. What I'll figure out from these questions I'll document.

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO

<Prev in Thread] Current Thread [Next in Thread>