[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help - IPSEC beginner



>Could you, in your time frame, implement a general-purpose translator? 
>
>All the implementations listed above (and I think, some others) use PF-key v2
>(RFC 2367) for communication between their kernel code and their daemons.
>Howver, as I understand it, v2 does not handle policy so each implementation
>has added extensions to do that. The extensions are similar, but different.
>I understand the implementers have talked about this, and they all think
>a common set of extensions would be a good idea, and likely not really
>difficult, but they're all busy with other things.
>
>Could you sort this out in your timeframe, develop a common set of
>extensions based on ideas from those implementers, and change one or more
>implementations to use them? 

	for PF_KEY portability issue, you may want to look at 
	isakmpd (ftp.gsnig.org should have the portable version of it -
	openbsd tree does not have the portability layer).

itojun


References: