[Openswan Users] ipsec look on 2.6
Herbert Xu
herbert at gondor.apana.org.au
Thu Dec 1 12:51:01 CET 2005
Martin Hillier <martin.hillier at nyquist-solutions.com> wrote:
>
> Marco only a few days ago Paul Wouters wrote the following about klips over
> netkey..
I'm afraid this is inaccurate.
> - stable and proven to work code. Lots of experience
It seems that KLIPS crashes a lot especially with new kernels.
The in-kernel stack has also been around for three years now.
> - ipsecX interfaces
This is arguable as to whether it's an advantage since it introduces
other problems such as how it interacts with policy routing.
> - async/sync crypto offloading (eg hardware accelerators)
That's certainly planned for the in-kernel stack.
> - non-lineair SA search
Huh?
> - most specific route first selection on SA's
Works for the in-kernel stack too.
> - path mtu support
The in-kernel stack fully supports PMTU with IPsec.
> - faster hand assembly coded ciphers
The in-kernel stack has optimised assembly routines too. It also supports
the VIA Padlock.
> - support for dynamic SA's and packet caching
> (needed for Opportunistic Encryption)
Coming soon to the in-kernel stack, as soon as the netfilter work is
finished.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Users
mailing list