Future of VPN: CIPE or IPSEC?
Felipe Alfaro Solana
felipe_alfaro at linuxmail.org
Wed Nov 19 10:28:17 UTC 2003
On Wed, 2003-11-19 at 10:30, Christians, Stefan Mr. wrote:
> 1) The reasons we had for choosing IPSEC over CIPE turned out to be
> non-issues (all arguments we had for using IPSEC were never used, needed
> or implemented).
I have heard that CIPE is plagued of security problems and lacks a good
design. IPSec, however, is a backport of the same functionality from
IPv6 and I think it's a proven technology.
> So now the big question for us is whether we should migrate our VPN
> routers to Fedora Core 1 and convert them to CIPE, or whether we should
> wait a few more months until the 2.6 kernel with integrated IPSEC is
> included in the standard distribution.
AFAIK, Fedora kernel doesn't rely on FreeSWAN anymore. Instead, they
have backported the IPSec code from 2.6 kernels that is based on
KAME/USAGI stack.
> The key question here is whether CIPE will be maintained as a Fedora
> Package once the 3.6 kernel is distributed, or whether it will gradually
> be phased out. We want to avoid converting to CIPE now and then back to
> IPSEC again after a year.
I think you'd better stick with IPSec.
More information about the users
mailing list