[Openswan dev] GDOI and Openswan
Esteban Lopez
elopez at softel.net.mx
Wed Jul 10 00:42:04 UTC 2013
I sent a mail to Michael Richardson and I want to share this with all of you.
My mail starts with > and Michael's answer without it.
> Sorry for contacting you directly but I can't find the way to add a new
> entry to the General discussion forum. (I was looking in redmine <http://www.redmine.org/projects/redmine/boards> forum)
well, you would subscribe to it, using the web or mail interface.
> I wonder if there is some implementation of GDOI protocol RFC 3547 with
> Openswan or Pluto or Linux in order to get VPNs with Group Domain of
> Interpretation
GKMP is not implemented.
> We want to configure a phase 1 with preshared key and a phase 2 with
> GDOI in order to get the key from a Central Key server. The same
> concept as CISCO's GET-VPN or Juniper's Group VPN.
I don't think that this is the same thing.
GKMP is about keying multicast packets.
GET-VPN/Group-VPN, as far as I know, is about (auto-)building meshes, and the
IPsecME WG's http://datatracker.ietf.org/wg/ipsecme/
http://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-vpn-problem/
is about standardizing something similar.
> Could you tell me if that is possible? Or is there some reason that
> Openswan did not have this implemented?
nobody who had money and/or time wanted to implement it.
> If it is not implemented for time reasons, we can do it and in this
> case we want to know if you have some advice about the best way to do
> it or maybe the best Openswan developer to ask for advice before starting.
1) get the test bench working
2) write test cases first.
3) get on the list and post often.