[Openswan Users] Disturbing trend in openswan

Jon jon at sacredregion.com
Wed Apr 1 04:58:29 EDT 2009


I have noticed over the years that openswan has been on a disturbing
trend toward becoming useless "nannyware" - software that thinks it
knows better than you.  An example:  the refusal of openswan to tear
down routes associated with a tunnel (although workarounds exist), on
the really weak justification that one might accidentally route packets
intended to be encrypted/secure over a different, insecure connection.  I
also suspect this "nannyware" behaviour to be responsible for openswan
refusing to honor more specific routes intended to override a portion of
an existing tunnel definition (although I would appreciate confirmation
of this assumption).

As for the first example I mentioned, if I needed that functionality, I
would simply create a null route with a lower preference/metric such
that if the tunnel failed, the null route would prevent any previously
tunneled traffic from using any other links.  Unix software has
traditionally been celebrated for allowing any crazy configuration or
arguments, even if it destroys everything (i.e. rm -rf .*)

Why do the developers think that they need to protect us from
ourselves?  I expect this from the idiots at Redmond - I am nauseated
when I see it in the Linux community.

Can anyone explain this disturbing development trend in openswan?

Cheers,
-Jon

P.S.  Please forgive if this is double/cross posted...





