[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Mobile IP for FreeBSD from Portland State University
--- On Fri, 01 Aug 1997 11:01:40 -0700 Bill Trost <trost@cs.pdx.edu> wrote:
> * NRL's IPSEC, ported to FreeBSD, with extensions to allow IPSEC security
> associations to be bound to routes. This allows virtual private networks
> to be created by simply configuring the routing table appropriately.
EVERY release of NRL IPsec __already__ supported binding IPsec SAs to routes,
so that is NOT a new extension. In fact, the original NRL codebase was
tested at NRL in a VPN configuration and it worked fine. Those of us who
wrote the original NRL code would _really_ appreciate it if Bill and others
at PDX would drop that misleading claim.
Dan McD did the NRL secure route code modification (in fairness to PDX folks,
it was a bit obscurely coded in the earliest NRL releases) in one of the
very few bits of IPsec code danmcd did at NRL (nearly all NRL ipsec code is from
cmetz or rja). The PDX folks do secure routes differently than the NRL IPsec
code does. Various other aspects of the NRL IPsec code were altered (e.g. The
PDX code that I examined in Spring 97 had removed the feature that IPsec policy
processing was isolated into one place -- ipsec_policy.c) -- so its not a
straight port.
Also, as of the Spring'97 PDX code, the NRL code inside was fairly ancient stuff,
not one of the more recent NRL releases. If FreeBSD folks are interested only
in IPsec, they might be more interested in porting one of the newer releases
from NRL or working from some other freely distributable codebase.
That all said, I hope various folks find the PDX code useful.
Ran
rja@inet.org
Follow-Ups:
References: