[vpnc-devel] Working on certificate authentication ...
jmvpnc at loplof.de
Thu Aug 10 16:27:29 CEST 2006
On Thu, Aug 10, 2006 at 04:17:07PM +0200, Hans-Werner Hilse wrote:
> Because there's ipsec-tools/racoon. It does all of this already and has
> gotten a decent certificate, hybrid-auth, PSK and Xauth support as well
> as (real) keep-alive, dead peer detection and rekeying support. It
> should be possible to use it instead of vpnc for most use cases.
> And it is most likely a complex task to have the same level of features
> in vpnc that racoon has. Look at racoon's implementation to get an idea
> of that.
I really disagree here: vpnc has three very strong points (and 2 very
weak ones that I won't mention ;)

1) 1-2 small/tiny tools
2) Very easy to configure
3) works on many platforms (basically on every platform that supports

OKOK, I will mention the weak ones...

1) no certificate support
2) the code structure is *terrible*, so adding proper rekeying and the like
is an interesting exercise best left to someone else ;-)

Joerg Mayer <jmayer at loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.