[Openswan dev] Support of hybrid mode planned?

Paul Wouters paul at xelerance.com
Mon Oct 9 11:24:50 EDT 2006

On Mon, 9 Oct 2006, Peter Bieringer wrote:

> sure you know that support of hybrid mode is still missing.
> Unfortunately, Check Point FW-1 using this mode for authentication with
> e.g. username, PIN and tokencode.
> I found a rather outdated patch on the mailing list:
> http://lists.openswan.org/pipermail/dev/2004-May/000331.html

There is a patch in openswan-2/contrib/checkpoint for the client side of
things. But it has not been testedcimpiled by us recently.

> Will this support ever be added, and if yes, is there a timeframe available?

We cannot add support for a feature in openswan-2 if we cannot test it.

We do not have a checkpoint, or the patch for the "server side" of hybrid
mode. On top of this, there might be issues with the licensing scheme of
such extensions. Finally, hybrid mode is obsoleted by IKEv2, and we would
rather invest our time in that.

Building and integrating Virtual Private Networks with Openswan:

More information about the Dev mailing list