On Feb 4, 2014, at 5:39 PM, Michael Richardson <[email protected]> wrote:
>
> Harms, Patrick <[email protected]> wrote:
> >>>> Based on the theories (advpn draft and dmvpn) and real world
> >>>> experience (dmvpn), I would favor dmvpn, because the handling and
> >>>> operating sounds less complex. (eg. lower amount of steps in tunnel
> >>>> initiation, single logical interface for tunnel termination etc.)
>
> >>> Do you care about mobile (handheld) devices?
>
> Yoav> Hey, those are higher-specced than the dual-pentium III at 800MHz with
> Yoav> 512 MB of RAM that we were selling as a high-end gateway when I
> Yoav> started working at Check Point :-)
>
> Yoav, your statement is nonsense.
> It tells me that you have done no mobile development at all.
> I have. I've done IPsec on them too.
>
> It's not about the amount of RAM that they have, or the speed of the device.
> It's about the access to the kernel.

Access to the kernel is at the discretion of the OS vendor. Both Microsoft and Apple are increasingly limiting the access that application developers have on so-called "desktop" operating systems.

> Tell me, if I hand you a corporate laptop computer (any specs you like), for
> which you cannot install any device drivers or do anything as root or
> "administrator", can you install your VPN software?

I could not. Could you do it on Windows Phone 8 (that does not have its own native IPsec)?

> Now, if I give you just enough root so that you can have a PF_KEY socket, can
> you make something work?

I could maybe make IPsec work, but not likely a GRE tunnel. However, Apple can do it on iOS, Microsoft can do it on Windows Phone, and a bunch of vendors can do it on Android. Big vendors like Cisco could probably get their client software to be blessed by the OS vendor. Tough? Yes, but it's getting harder to develop for the likes of Mavericks and Windows 8.1 as well.

I'm not sure where you see a fundamental difference between desktop operating systems and mobile ones. They're all as locked down as the vendor wants them to be, and getting more locked down.

Yoav

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
