[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipsec-tools-devel
Subject:    Re: [Ipsec-tools-devel] [Ipsec-tools-users] Looking for advice on
From:       VANHULLEBUS Yvan <vanhu () free ! fr>
Date:       2009-05-18 11:54:44
Message-ID: 20090518120741.GA8568 () zeninc ! net
[Download RAW message or body]

On Mon, May 18, 2009 at 07:20:15AM -0400, Philip Bellino wrote:
> Hello,

Hi.


[...]
> We will be using a vendor's onboard chip and it has their own IPsec
> imbedded in it.  It has no key management (IKE or IKEv2) capabilities.
> We are looking into possibly using  some open source (as yet to be
> determined) on the host for IKE and/or IKEv2 only.  
> A shim will be developed by us to get the IKE info down to the chip for
> IPsec to use.  
> 
> 1.  Is this possible with ipsec-tools or racoon2?

Probably:
The chip needs some driver at kernel level.
If such driver implements a PFKeyV2 interface to userland, racoon (and
I guess also racoon2) will be able to send/get informations to/from
the IPsec stack, as if it was the "usual" IPsec stack.

Of course, PFKey extensions (which are not well standardized) will be
very important if you expect full features (for example NAT-Traversal
support...).



> 2.  Has anyone accomplished this with either source?

Don't know, but I'm very interested in any postive answer !


Yvan.

------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables 
unlimited royalty-free distribution of the report engine 
for externally facing server and web deployment. 
http://p.sf.net/sfu/businessobjects
_______________________________________________
Ipsec-tools-devel mailing list
Ipsec-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel
[prev in list] [next in list] [prev in thread] [next in thread]