On 2018-08-30 22:06, Daniel Polak wrote:
> On 30/08/2018 17:39, Philipp Buehler wrote:
>> I was not following development too closely, but I think that on the
>> kernel side
>> things have not changed. Which means iked and isakmpd will happily
>> "toe tap"
>> on each others SADB in the kernel (even if there is *some* PID
>> handling).
>>
>> Would like to hear if kernel side has "improved" lately, but the
>> overall standpoint
>> looks like: IKEv1 is dead (e.g. see the removal of IKEv1 stubs in
>> iked some "months ago").
> Why would IKEv1 be dead if the stubs were removed from iked? There is
> still isakmpd and that works pretty well.
>
> Also I see many companies that still use IKEv1 and it would be
> unpleasant if there was no way to connect to them with OpenBSD.
We use isakmpd to interconnect 30ish routers and I would like to switch
to iked, but since there is no support to run both at the same time it
makes it quite hard to migrate slowly. Will basically need to do it all
at the same time and that is not very good for SLAs which complicates
things. Or am I missing something?
--
Tommy
No comments:
Post a Comment