Bug 116374 - rfe: consider upgrading to 0.2.4
Summary: rfe: consider upgrading to 0.2.4
Alias: None
Product: Fedora
Classification: Fedora
Component: ipsec-tools   
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2004-02-20 17:01 UTC by Kaj J. Niemi
Modified: 2014-03-17 02:42 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-02-27 23:11:43 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch to ipsec-tools.spec from version 0.2.2-8 to 0.2.4 (1.46 KB, patch)
2004-02-20 17:20 UTC, Kaj J. Niemi
no flags Details | Diff
Patch to fix racoon destination also install racoonctl (605 bytes, patch)
2004-02-20 17:21 UTC, Kaj J. Niemi
no flags Details | Diff

Description Kaj J. Niemi 2004-02-20 17:01:54 UTC
Description of problem:
Consider upgrading ipsec-tools to 0.2.4 (rawhide has 0.2.2). There's
been a lot of activity on it in January and it would be kind of
beneficial for FC2 if it shipped with the newer version :)


Comment 1 Kaj J. Niemi 2004-02-20 17:20:22 UTC
Created attachment 97865 [details]
patch to ipsec-tools.spec from version 0.2.2-8 to 0.2.4

Comment 2 Kaj J. Niemi 2004-02-20 17:21:49 UTC
Created attachment 97867 [details]
Patch to fix racoon destination also install racoonctl

Comment 3 Bill Nottingham 2004-02-23 22:29:24 UTC
Woops. Just discovered 80 unread messages in ipsec-tools-devel. Will
look at this this week or next.

Comment 4 Bill Nottingham 2004-02-23 22:29:37 UTC
Note that there's also the consideration of shipping openswan.

Comment 5 Kaj J. Niemi 2004-02-23 22:54:14 UTC
This is just IMHO and applies to all vpn software on linux.

From a business/road warrior perspective the clients are of low use
unless they support NAT (Port) Traversal, DPD, integration with one's
IGP, authentication from somewhere else than racoon.conf. IPSec over
udp or tcp would be a nice to have as well. There was a set of patches
to Free/SWAN attempting to nat traversal, afaik. 

I've preferred KAME over Free/SWAN for server to server connections
where there is no NATting between and no ACLs filtering out isakmp/udp
and protocols ESP/AH. It works great on FreeBSD and works pretty nice
on Linux, too.

The Cisco VPN Client is a nice example of a working VPN client. It
doesn't come with full source nor is it free (licenses are usually
included with the VPN Concentrator, the PIX or IOS Easy VPN) but it
really does work everywhere. Someone ought to kick them to make the
client work again with kernel 2.6.2 and up.

Getting back to the topic.. Is CIPE going to stay, too?

Openswan had DPD in their roadmap along with NAT-T, I vote go for it ;-)

Comment 6 Kaj J. Niemi 2004-02-27 23:11:43 UTC
I'll go ahead and close this as 0.2.4 is in rawhide. Thanks.

Note You need to log in before you can comment on or make changes to this bug.