<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<pre wrap="">I sent a mail to Michael Richardson and I want to share this with all of you.
My mail starts with > and Michael's answer is without it.
> Sorry for contacting you directly but I can't find the way to add a new
> entry to the General discussion forum. (I was looking in the <a href="http://www.redmine.org/projects/redmine/boards">redmine</a> forum)
well, you would subscribe to it, using the web or mail interface.
> I wonder if there is some implementation of GDOI protocol RFC 3547 with
> Openswan or Pluto or Linux in order to get VPNs with Group Domain of
> Interpretation
GKMP is not implemented.
> We want to configure a phase 1 with a pre-shared key and a phase 2 with
> GDOI in order to get the key from a Central Key server. The same
> concept as CISCO's GET-VPN or Juniper's Group VPN.
I don't think that this is the same thing.
GKMP is about keying multicast packets.
GET-VPN/Group-VPN, as far as I know, is about (auto-)building meshes, and the
IPsecME WG's <a class="moz-txt-link-freetext" href="http://datatracker.ietf.org/wg/ipsecme/">http://datatracker.ietf.org/wg/ipsecme/</a>
<a class="moz-txt-link-freetext" href="http://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-vpn-problem/">http://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-vpn-problem/</a>
is about standardizing something similar.
> Could you tell me if that is possible? Or is there some reason
> Openswan did not have this implemented?
nobody who had money and/or time wanted to implement it.
> If it is not implemented for time reasons, we can do it, and in this
> case we want to know if you have some advice about the best way to do
> it, or maybe the best Openswan developer to ask for advice before starting.
1) get the test bench working
2) write test cases first.
3) get on the list and post often.
</pre>
</body>
</html>