|
Hello,
On Thu, 25 Apr 2002, Wayne wrote:
> > Yes, the list looks complete? Anything to add?
>
> What about those protocol other than TCP/UDP for VPN
> to work? Are they getting into any release in the near
I can confirm that almost everything mentioned
in http://www.linuxvirtualserver.org/~julian/LVS_IPSEC.txt
works as expected, i.e. ESP tunneling over DR and NAT (TUN not
tested, should work) are tested successfully (you need iparp for
FreeSWAN to handle the ARP problem, though, also FQDN or ASN1_DN
identification, IPV4_ADDR does not work for NAT). The things
that remain are reworking the state tables and the application
support to allow more control over the connection tracking, handled
from protocol or app (which is the case with ISAKMP, L2TP and
friends). This will give, for example, to ISAKMP more robust
action against attacks which is the only thing not implemented
currently for IPSec.
Don't expect these protos to run in 2.2, the masquerade
does not preserve the UDP ports and we don't want to break the
stable version there which doesn't contain all features from LVS/2.4.
Currently we are rewriting the 1.0.x version and are
planning to release something like devel 1.1.0 which will
include the mentioned changes for IPSec and will open the doors
for supporting new TCP/UDP applications, new protocols, etc.
Regards
--
Julian Anastasov <ja@xxxxxx>
|
