Red Hat Bugzilla – Bug 51851
IPSEC in kernel via FreeS/WAN
Last modified: 2007-04-18 12:35:56 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010725 Description of problem: encription is always good FreeS/WAN provides IPSEC connections to other IPSEC devices i.e. Cisco PIX, FW/1, xBSD Additional info: http://www.freeswan.org/doc.html http://www.freeswan.org/freeswan_trees/freeswan-1.91/CHANGES
This would allow my company to save lots of time recompiling kernels. I realize that this will not happen in 7.2 because it is coming out next week, but please consider it for a future version or at the very least release it in the powertools.
I would also like FreeSWAN added to Red Hat. I'm implemented CIPE and IPsec with FreeSWAN and I was shocked at the difference in latency. While the IPsec spec is a big nasty 200+ pager, the protocol quick, lean and mean. In my test, no VPN: 59ms latency, IPsec: 65ms latency, CIPE: 85ms latency I could "feel" the difference in my remote interactive shell sessions. IPsec includes compression too, I took all the fortune files (2.5MB of text) and xfered them. No VPN: 98KB/sec, IPSec: 155KB/sec. Finally, if you are going to create a "VPN concentrator", FreeSWAN supports hardware crypto accelerators.
And it looks like somebody already did most of the work ... http://www.platypus.bc.ca/~bishop/software/freeswan/ I like the clean way in which he did it, if you do a (xx)diff of the spec files you'll see that he only added some lines and as a result an extra kernel-freeswan-2.4.9-13.i386.rpm is built. It had absolutely no effect on the other kernels being built as far as I could tell. So only people to gain from this .. except maybe the extra burden for RedHat of supporting it ;) Side note: #57462 can be marked as a duplicate of this.
*** Bug 57462 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of 23604 ***