From aaa0331ecf95ced1e913ac9be50168cf0e7cbb82 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Tue, 30 Jan 2007 12:21:07 +0000 Subject: [svn-upgrade] Integrating new upstream version, strongswan (2.8.2) --- doc/interop.html | 983 ------------------------------------------------------- 1 file changed, 983 deletions(-) delete mode 100644 doc/interop.html (limited to 'doc/interop.html') diff --git a/doc/interop.html b/doc/interop.html deleted file mode 100644 index 1cd7b9e78..000000000 --- a/doc/interop.html +++ /dev/null @@ -1,983 +0,0 @@ - - - -Introduction to FreeS/WAN - - - - -Contents -Previous -Next -

- -

Interoperating with FreeS/WAN

The FreeS/WAN project needs you! We rely on the user community to - keep up to date. Mail users@lists.freeswan.org with your interop - success stories.

Please note: Most of our interop examples feature - Linux FreeS/WAN 1.x config files. You can convert them to 2.x files - fairly easily with the patch in our - Upgrading Guide.

Interop at a Glance

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	FreeS/WAN VPN					Road Warrior	-OE
	PSK	RSA Secret	X.509 - (requires patch)	-NAT-Traversal - (requires patch)	-Manual - Keying
More Compatible
FreeS/WAN -	Yes	-Yes	Yes	-Yes	Yes	-Yes	Yes
isakmpd (OpenBSD) -	Yes		-Yes		Yes		-No
Kame (FreeBSD, - NetBSD, MacOSX) - aka racoon	Yes	Yes	-Yes		-Yes		No
McAfee VPN - was PGPNet	Yes	Yes	-Yes			-Yes	No
Microsoft - Windows 2000/XP	-Yes		Yes		-	Yes	-No
SSH Sentinel -	Yes		-Yes	Maybe		Yes	No
Safenet SoftPK - /SoftRemote	-Yes		Yes		-	Yes	-No
Other
6Wind		-	Yes				-No
Alcatel Timestep -	Yes				-		No
Apple Macintosh - System 10+	-Maybe	Yes	-Maybe		Maybe	-	No
AshleyLaurent - VPCom	-Yes						No
Borderware -	Yes				-	No	-No
Check Point FW-1/VPN-1 -	Yes		-Yes			Yes	-No
Cisco with 3DES	-Yes	Maybe -		Maybe		-	No
Equinux VPN Tracker - (for Mac OS X)	-Yes	Yes	-Yes		Maybe	-	No
F-Secure	-Yes			-Maybe	Yes	-Yes	No
Gauntlet GVPN -	Yes		-Yes				-No
IBM AIX	-Yes		Maybe	-			No
IBM AS/400	Yes					-	No
Intel Shiva - LANRover/Net Structure	-Yes						No
LanCom (formerly ELSA) -	Yes			-			No
Linksys	-Maybe		-No			Yes	-No
Lucent	Partial					-	No
Netasq	-		Yes			-	No
netcelo	-		Yes			-	No
Netgear fvs318 -	Yes				-		No
Netscreen 100 - or 5xp	-Yes					-Maybe	No
Nortel Contivity -	Partial		-Yes	Maybe		-	No
RadGuard	-Yes					-	No
Raptor	Yes				-Yes		No
Redcreek Ravlin -	Yes/Partial -						-No
SonicWall	-Yes				Maybe	No	-No
Sun Solaris	Yes		Yes -		Yes		No
Symantec	-Yes					-	No
Watchguard - Firebox	-Yes				-Yes		No
Xedia Access Point - /QVPN	-Yes						No
Zyxel Zywall - /Prestige	-Yes						No
	PSK	RSA Secret	X.509 - (requires patch)	-NAT-Traversal - (requires patch)	-Manual - Keying
	FreeS/WAN VPN					Road Warrior	-OE

Key

- - - - - - - -

Yes	People report that this - works for them.
[Blank]	We don't know.
No	We have reason to - believe it was, at some point, not possible to get this to work.
Partial	Partial success. - For example, a connection can be created from one end only.
Yes/Partial -	Mixed reports.
Maybe	We think the answer - is "yes", but need confirmation.

- -

Basic Interop Rules

Vanilla FreeS/WAN implements these parts - of the IPSec specifications. You can add more with - Super FreeS/WAN, but what we offer may be enough for many users.

To use X.509 certificates with FreeS/WAN, you will need the - X.509 patch or Super FreeS/WAN -, which includes that patch.
To use Network Address - Translation (NAT) traversal with FreeS/WAN, you will need Arkoon - Network Security's NAT - traversal patch or Super FreeS/WAN -, which includes it.

We offer a set of proposals which is not user-adjustable, but covers - all combinations that we can offer. FreeS/WAN always proposes triple - DES encryption and Perfect Forward Secrecy (PFS). In addition, we - propose Diffie Hellman groups 5 and 2 (in that order), and MD5 and - SHA-1 hashes. We accept the same proposals, in the same order of - preference.

Other interop notes:

A - SHA-1 bug in FreeS/WAN 2.00, 2.01 and 2.02 may affect some interop - scenarios. It does not affect 1.x versions, and is fixed in 2.03 and - later.
Some other implementations will close a connection with FreeS/WAN - after some time. This may be a problem with rekey lifetimes. Please see - this tip and - this workaround.

For FreeBSD and NetBSD. Ships with Mac OS X; see also our - Mac section.
Also known as racoon, its keying daemon.

Kame homepage, with FAQ -
- NetBSD's IPSec FAQ -
- Ghislaine's post explaining some interop peculiarities

- Itojun's Kame-FreeS/WAN interop tips (PSK) -
Ghislaine - Labouret's French page with links to matching FreeS/WAN and Kame - configs (RSA) -
Markus - Wernig's HOWTO (X.509, BSD gateway) -
- Frodo's Kame-FreeS/WAN interop (X.509) -
Kame as a WAVEsec - client.

As tunnel endpoint

In IPsec passthrough mode