Why KAME/racoon sucks (was: OpenSWAN ANNOUCEMENT)
Lamar Owen
lowen at pari.edu
Mon Jan 5 21:39:29 UTC 2004
On Saturday 03 January 2004 09:58 pm, Dax Kelson wrote:
> On Sat, 2004-01-03 at 12:14, Lamar Owen wrote:
> > need this when the KAME stuff is working and works with 2.6? KAME being
> > what RHEL is using, why would OpenSWAN be needed in Core (maybe in
> Note that Openswan is the successor to Super FreeSWAN.
I had already gathered that.
> 2) Secure road warrior to HQ communication
> I would say IPsec deployment for "2" clearly, clearly outweighs "1".
> Basically, supporting road warriors is impossible with racoon or isakmp.
I'm not necessarily interested in the Linux road warrior. I am, however,
interested in smooth interoperability with Windows XP clients. So doing the
DHCP over IKE is not needed, since the WinXP stuff uses PPP/L2TP to get the
IP address, and PPP can use DHCP (with the ppp-dhcp plugin). Yes, I know the
WinXP implementation is ugly. But when you are doing remote astronomy where
the Windows software is king, you interoperate or you don't operate.
Racoon seems to be significatly easier to configure, however.
--
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu
More information about the fedora-devel-list
mailing list