Re: free s/wan (really interoperability)

From: Tina Bird (tbirdat_private)
Date: Tue Oct 05 1999 - 15:40:20 PDT

    The ICSA performs interoperability tests between different vendors' versions of
    IPSec -- as I understand it, mostly in server-to-server mode, but with at
    least a few client-to-server tests as well.  The test results are posted at
    
    http://www.icsa.net/services/products_cert/ipsec/certified_products.shtml
    
    As I understand it, a few of the free VPN products (notably FreeS/WAN and
    OpenBSD's IPSec) test against products which have succeeded in the
    interoperability tests, but I don't think they participate -- probably
    costs too much.  [Although note that FreeS/WAN development lags the current
    state of IPSec, not to mention the current state of Linux -- it doesn't support
    certificate authorities unless something has changed very recently.]
    
    As of 9 September 1999, 12 vendors had one or more products certified.
    
    cheers -- Tina Bird
    
    At 01:23 PM 10/05/1999 -0500, R. DuFresne wrote:
    >On Tue, 5 Oct 1999, Joseph S D Yao wrote:
    >
    >> Ron DuFresne had asked:
    >> > Are there any VPN products that do not require the same setup on both ends
    >> > to implement?  (i.e. VPN products that are cross-compatible with other
    >> > products out there)
    >> 
    >> There is IPsec VPN server software out there that is sold without a
    >> client - one is directed to several other companies that make IPsec
    >> clients.  So it would seem that the answer, probably with some caveats,
    >> is, "yes."
    >> 
    >> If you consider 'ssh' tunnels to be VPNs [you can do PPP through them],
    >> then there are also multiple implementations of 'ssh' and 'sshd'.
    >> 
    >
    >
    >Okay, I can see the point here with sshd and the various ssh
    >implementations.  But, I'm more looking at this from a slightly different
    >perspective.  free s/wan as I understand it requires another free s/wan
    >box on the other side of the connection.  I'm trusting the same is the case
    >with cisco's VPN solution<s> and most likely with FW1's implementation, as
    >well as many of the other offerings.  Are any as flexible or nearly as
    >flexible in interoperability as the ssh/sshd implementations mentioned
    >thus far?
    >
    >
    >Thanks,
    >
    >Ron DuFresne
    >-- 
    >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    >        admin & senior consultant:  darkstar.sysinfo.com
    >                  http://darkstar.sysinfo.com
    >
    >"Cutting the space budget really restores my faith in humanity.  It
    >eliminates dreams, goals, and ideals and lets us get straight to the
    >business of hate, debauchery, and self-annihilation."
    >                -- Johnny Hart
    >
    >testing, only testing, and damn good at it too!
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:27 PDT