
Re: linux-ipsec: ANNOUNCE: FreeS/WAN IPSEC & IKE version 0.8 released & useful!

From: William Allen Simpson <bsimpson(at)morningstar.com>
Date: Fri May 15 1998 - 11:12:03 EDT


> From: Hugh Daniel <hugh@road.toad.com>
> The 0.8 (and target 1.0 in June) runs only in a VPN (tunnel) mode,

Although I've just started looking at OpenBSD code, I'm still not looking at Linux code, since you are not done, and I have a pretty fundamental architectural question:

  • Why is the tunnel code not orthogonal to the ah/esp code???

Karn started with tunnels, having had them for many years for ham radio. Surely Linux has tunnels already, as I thought that was the same Alan Cox who was active in the TCP-Group?

Karn just added "transport" level AH and ESP, with a target host. Using separate commands, you get both tunnel and transport with the same implementation effort.

I have my own re-implementation of Karn's earlier design, but here are the manual commands that allow me into morningstar.com, as an example:

    route addp 137.175.0.0/16 tunnel 137.175.1.2
    route addp default px

    secure add <spi-out> md5kp <secret> 137.175.1.2
    secure add <spi-in> md5kp <secret>

"md5kp" is RFC-1828 (leading key padded envelope MAC). "md5h" would be Hugo-MAC (the N-MAC deviant currently used in IPSec).

Do you need help?

WSimpson@UMich.edu

    Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32

Received on Fri May 15 12:40:56 1998
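
The two MAC constructions named in the message, as an added example that is not part of the original post: RFC 1828 keyed MD5 (key, key fill, datagram, key) beside HMAC-MD5 from RFC 2104, which is assumed here to be what "md5h" refers to. The function names, key and datagram bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values, not taken from the message above.
KEY = b"constructed-shared-secret"
DATAGRAM = bytes.fromhex("4500001c000000000033000089af010289af0001") + b"payload"


def md5_fill(length: int) -> bytes:
    """MD5 'pad with length' for a prefix of `length` bytes:
    0x80, zero bytes up to 56 mod 64, then the 64-bit little-endian bit count."""
    zeros = (55 - length) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack("<Q", (length * 8) % 2**64)


def keyed_md5_rfc1828(key: bytes, datagram: bytes) -> bytes:
    """RFC 1828 envelope MAC: MD5(key || keyfill || datagram || key).
    The caller must already have zeroed the variant IP header fields;
    MD5 itself adds the trailing pad over the whole message."""
    filled_key = key + md5_fill(len(key))  # key filled to a 512-bit boundary
    return hashlib.md5(filled_key + datagram + key).digest()


def hmac_md5(key: bytes, datagram: bytes) -> bytes:
    """HMAC-MD5 (RFC 2104): nested hash with inner and outer key pads."""
    return hmac.new(key, datagram, hashlib.md5).digest()


def verify(mac_fn, key: bytes, datagram: bytes, received: bytes) -> bool:
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac_fn(key, datagram), received)


if __name__ == "__main__":
    for name, fn in (("md5kp", keyed_md5_rfc1828), ("hmac-md5", hmac_md5)):
        tag = fn(KEY, DATAGRAM)
        print(name, tag.hex(), verify(fn, KEY, DATAGRAM, tag))
```

The same key and datagram give different 128-bit tags under the two constructions, so both ends of a security association have to be configured with the same transform as well as the same secret.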

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:10 EDT

