[Openswan dev] Re: user control of conns

Paul Wouters paul at xelerance.com
Wed Dec 8 14:35:17 CET 2004


On Wed, 8 Dec 2004, D. Hugh Redelmeier wrote:

> In theory, It might be nice to allow more than one IPSEC
> implementation to coexist.  Pluto was designed to allow different IKE
> daemons on different interfaces.  So I'd be in favour of "pluto" or
> "openswan" groups rather than "ipsec".

The same actually applies to the service we install (currently 'ipsec') and
the kernel module we install (currentlt 'ipsec.o or ipsec.ko). It might make
sense to rename these to openswan for the service and klips for the module.

Then again, we also see more of a need to use dynamic interfaces that appear
and vanish, in which case it is realy not realistic anymore to have different
IKE daemons listening. In fact, I hear more and more that people wish to
have pluto listen on 0.0.0.0:500.

Paul


More information about the Dev mailing list