[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: VPN/IPsec routing
"Denis A. Doroshenko" wrote:
> while i'm sure i will try with sentinel, i can tell you that it was
> evaluation version of pgp 7.1 (yep, i was evaluating indeed). would be
> strange if evaluation app wouldn't work, how one could evaluate it then?
Don't ask me that, never quite understood the bizarre mind of software
dealers :-). Anyway, if the evaluation app has the same restrictions as the
freeware (or if we are talking about the same thing but calling it other
names), you won't be able to use the gateway features available on the
commercial version.
>
>
> well, sentinel look a bit more advanced and simpler at the same time
> (sounds strangely :-). somehow it reminds me obsd IPsec implementation,
> with policy, and other stuff.
I must say that I liked Sentinel a lot, and also found it simple, yet
powerful.
>
>
> however, however. my problem, as you could see, was obsd gw related, i
> hope it won't beat me with sentinel, that will mean that with pgp
> isakmpd configures the kernle in somewhat "incorrect" way, and packets
> are not routed as they should be. BTW, are you sure stable isakmpd is
> capable of negotiation of non-legacy proposals? i tend to use more or
> less consistent kernel/userland, so current isakmpd on stable system
> makes my hairs moving [well, kind of :-)]
isakmpd -stable is capable of negotiating non-legacy proposals, but
-release is not. See:
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/ipsec.c?rev=1.58.2.1&content-type=text/x-cvsweb-markup
I'm using Sentinel with isakmpd -stable right now on a testbed.
[]'s,
Rafael Coninck Teigao
VP
SafeCore Network Solutions
http://SafeCore.NET
+55 41 224 1785
--
-------------------------------------------------------------------------------
People should focus on the SOLUTION, not on the problem.
-------------------------------------------------------------------------------