Hi Jan,
Jan Melen wrote:
Hi,
Again when I compiled a custom kernel just to enable IPsec in the
FreeBSD kernel it came to my mind why is it so that the IPsec is not
enabled by default in the GENERIC kernel configuration file? At least
for me the GENERIC kernel configuration would do just fine if the
IPsec would be enabled in it by default. Now I have to build a custom
kernel just for IPsec btw IPsec is even mandatory for a host
supporting IPv6.
IETF just says that IPsec support is mandatory in IPv6, but IPsec use is
not. Most of current IPv6 implementations do not include IPsec, and
there is nothing unusual with that. It is mainly about the performance,
but there are also other issues, mainly security ones, e.g. it actually
cannot defend against DoS attacks and cannot strictly eliminate
spoofing, it is only a network-level security tool.. and there are still
lots of incompatibility issues between different vendors'
implementations of IPsec.. etc..
Ana
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org