Red Hat Bugzilla – Bug 51851
IPSEC in kernel via FreeS/WAN
Last modified: 2007-04-18 12:35:56 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010725
Description of problem:
encription is always good
FreeS/WAN provides IPSEC connections to other IPSEC devices
i.e. Cisco PIX, FW/1, xBSD
This would allow my company to save lots of time recompiling kernels. I realize
that this will not happen in 7.2 because it is coming out next week, but please
consider it for a future version or at the very least release it in the powertools.
I would also like FreeSWAN added to Red Hat.
I'm implemented CIPE and IPsec with FreeSWAN and I was shocked at the difference
in latency. While the IPsec spec is a big nasty 200+ pager, the protocol quick,
lean and mean.
In my test, no VPN: 59ms latency, IPsec: 65ms latency, CIPE: 85ms latency
I could "feel" the difference in my remote interactive shell sessions.
IPsec includes compression too, I took all the fortune files (2.5MB of text) and
xfered them. No VPN: 98KB/sec, IPSec: 155KB/sec.
Finally, if you are going to create a "VPN concentrator", FreeSWAN supports
hardware crypto accelerators.
And it looks like somebody already did most of the work ...
I like the clean way in which he did it, if you do a (xx)diff of
the spec files you'll see that he only added some lines and as a result
an extra kernel-freeswan-2.4.9-13.i386.rpm is built. It had absolutely no
effect on the other kernels being built as far as I could tell.
So only people to gain from this .. except maybe the extra burden for
RedHat of supporting it ;)
Side note: #57462 can be marked as a duplicate of this.
*** Bug 57462 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of 23604 ***