[Vpn-announce] 2.0 Development Update
Matthew Grooms
mgrooms at shrew.net
Thu Nov 2 13:16:38 CST 2006
All,
It's been some time since I have submitted a post to the list so I
thought it was time for a 2.x development update. First of all, please
don't take the lack of posts on my part as a sign that progress is not
being made. The truth is that the branch has seen so much change
recently that I don't feel comfortable with releasing any new builds
until the code base has once again stabilized. Here is the short list of
accomplishments since the last alpha release.
The ipsec daemon has been split into two new daemons named ipsecd and
iked. The former is responsible for ipsec packet processing and the
latter is a stand alone key management daemon.
The ike daemon has been ported to FreeBSD. Future ports to other open
source operating systems should not pose much of a challenge. This
component will be released under a free open source license. A port of
ipsecd will not be necessary as all target platforms should already
provide the required kernel ipsec support. A reference site manager and
client application will also be provided for either the gnome or kde
desktop environment.
The ike daemon now has the ability to negotiate bundled proposals and
establish security associations for compound policies such as ESP + IPCOMP.
A c++ pfkey library has been written to provide a kernel interface for
key management on open source platforms. The same library is used to
communicate between iked and ipsec on win32 using a secure named pipe.
A c++ event timer library has been written to replace the relatively
inefficient sweep model previously used to handle packet resend, dpd and
sa timeout events.
The iked reference counting and locking model has been reworked to be
more reliable and less error prone. A concerted effort is being made to
allow thread pools to be employed which will allow for a high level of
parallelism with respect to simultaneous peer sa negotiations.
I have every intention of providing the next release of this
product in as timely a fashion as possible. As for a new alpha release,
I hope to make one available before the end of November. With any luck,
the 2.x series will not only bring a much improved and free IPSEC Client
for use on Windows, but a solid open source solution for use with BSD
and Linux operating systems as well.
Thanks again for everyone's continued support,
-Matthew