I'm once again trying to get a hang of the state of ipsec in linux, and I
have some questions.
1) One can configure ipsec over netlink (XFRM_USER), is this the preferred
interface? Is it documented somehwere, or is there some source which uses
this interface? Alternatively, is PFKEY considered deprecated?
2) I hear people are working on iproute so it can use XFRM_USER, is this
code available somewhere?
3) NAT-Traversal, how does one set this up either using setkey,
iproute2+stuff, or XFRM_USER? Is it supposed to work right now?
Is NAT-T 'UDP_ENCAP_ESPINUDP'?
Thanks. What I'll figure out from these questions I'll document.
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO