[Openswan Users] GDOI and openswan

Esteban Lopez elopez at softel.net.mx
Wed Jul 10 00:03:22 UTC 2013


I sent a mail to Michael Richardson and I want to share this with all of you.

My mail starts with > and Michael's answers are without it.

     > Sorry for contacting you directly, but I can't find the way to add a new
     > entry to the General discussion forum. (I was looking in the redmine <http://www.redmine.org/projects/redmine/boards> forum)

well, you would subscribe to it, using the web or mail interface.

     > I wonder if there is some implementation of GDOI protocol RFC 3547 with
     > Openswan or Pluto or Linux in order to get VPNs with Group Domain of
     > Interpretation

GKMP is not implemented.

     > We want to configure a phase 1 with preshared key and a phase 2 with
     > GDOI in order to get the key from a Central Key server. The same
     > concept as CISCO's GET-VPN or Juniper's Group VPN.

I don't think that this is the same thing.
GKMP is about keying multicast packets.

GET-VPN/Group-VPN, as far as I know, is about (auto-)building meshes, and the
IPsecME WG's http://datatracker.ietf.org/wg/ipsecme/
http://datatracker.ietf.org/doc/draft-ietf-ipsecme-ad-vpn-problem/

is about standardizing something similar.

     > Could you tell me if that is possible? Or is there some reason
     > Openswan did not have this implemented?

nobody who had money and/or time wanted to implement it.

     > If it is not implemented for time reasons, we can do it, and in this
     > case we want to know if you have some advice about the best way to do
     > it or maybe the best Openswan developer to ask for advice before starting.

1) get the test bench working
2) write test cases first.
3) get on the list and post often.

