I did your research for you because I was curious. I'd suggest you look a little harder before spreading FUD. If you aren't going to bother spending five minutes doing correct research, I'm certainly not going to go out of my way implementing uninteresting features which I don't need or use. http://ipsec-tools.sourceforge.net/ (which we use) certainly does support everything you asked for (as you can see here: http://netbsd.gw.com/cgi-bin/man-cgi?racoon.conf+5+NetBSD-current) except for Serpent. We haven't implemented them as the old racoon likely didn't support them. Besides, most commercial vendors don't support anything outside of DES/3DES/AES/Blowfish and MD5/SHA1 - let alone DH groups outside of 1,2,5.
--Bill On 1/25/06, David Strout <[EMAIL PROTECTED]> wrote: > Ah no ... it appears that there is NOT the same > level(s) of VPN crypts/hashes/features for the > xBSD realm as there are for say the Linux realm. > > Again appologies for the noise !! > > -- > David L. Strout > Engineering Systems Plus, LLC > > ----- Original Message ----- > Subject: Re: [pfSense Support] IPSec enhancements > ??s > From: [EMAIL PROTECTED] > To: support@pfsense.com > Date: 01-25-2006 9:57 pm > > > > On 1/25/06, David Strout <[EMAIL PROTECTED]> > wrote: > > > Are there any plans to expand IPSec to support > > > more VPN/phase 1 and 2 options ... like say: > > > > > > Compression > > > & > > > IKE Encryption: > > > AES 256 > > > Twofish 256 > > > Serpent 256 > > > & > > > ESP Encryption: > > > AES 256 > > > Twofish 256 > > > Serpent 256 > > > & > > > IKE Integrity: > > > SHA2 512/256 > > > & > > > Higher DH key group .. eg: > 1536 bit > > > & > > > Higher PFS key group .. eg: > 1536 bit > > > > > > Not sure if the current IPSec-tools/FreeBSD is > > > capable of these advanced features, but it > would > > > be nice to explore for future releases as an > > > enhancement to a great VPN product already. > > > > Care to do the research for us? > > > > --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
