On Sat, May 22, 2010 at 10:33:00PM -0700, Alan DuBoff wrote:
>
> Ultimately I need a secure VPN connection using IPSEC/IKE, and the current
> support extends to cover Cisco, Juniper, and Check Point, and a 4th method
> using OpenSwan on a Linux box. The client will connect to one of these.

You're definitely needing XAUTH and CFG, which we don't have in our IKEv1.

> I wonder if Nexenta has OpenSwan support...(thinking out loud)? That means
> both ways, in the sense could an OpenSwan client connect to your punchin
> server, as well as could your punchin client connect to an OpenSwan server.

OpenSWAN is both kernel IPsec (which we have already) and IKE (which is
usr/closed). To my knowledge, you can't just port OpenSWAN. You could take
OpenSWAN's IKE, rip out its user->kernel interfaces and replace them with ours
(PF_KEY has fragmented beyond RFC 2367, plus Linux has an alternate
user->kernel interface) if you're feeling ambitious.

> Dan's original reply mentioned that the IKE support was in closed, so it
> would seem that most of it is in Oracle's hands. In that sense it might be
> good to see OpenSwan ported to Solaris. I wonder if that can work on
> Nexenta...?

Only if you do what I suggested above and do the port of *JUST* OpenSWAN's IKE
daemon.

Dan
