[Vpn-announce] 2.0 Development Update

Matthew Grooms mgrooms at shrew.net
Thu Nov 2 13:16:38 CST 2006


All,

     It's been some time since I have submitted a post to the list so I
thought it was time for a 2.x development update. First of all, please 
don't take the lack of posts on my part as a sign that progress is not 
being made. The truth is that the branch has seen so much change 
recently that I don't feel comfortable with releasing any new builds 
until the code base has once again stabilized. Here is the short list of 
accomplishments since the last alpha release.

The ipsec daemon has been split into two new daemons named ipsecd and 
iked. The former is responsible for ipsec packet processing and the 
latter is a standalone key management daemon.

The ike daemon has been ported to FreeBSD. Future ports to other open 
source operating systems should not pose much of a challenge. This 
component will be released under a free open source license. A port of
ipsecd will not be necessary as all target platforms should already 
provide the required kernel ipsec support. A reference site manager and 
client application will also be provided for either the gnome or kde 
desktop environment.

The ike daemon now has the ability to negotiate bundled proposals and 
establish security associations for compound policies such as ESP + IPCOMP.

A c++ pfkey library has been written to provide a kernel interface for 
key management on open source platforms. The same library is used to 
communicate between iked and ipsec on win32 using a secure named pipe.

A c++ event timer library has been written to replace the relatively
inefficient sweep model previously used to handle packet resend, dpd and 
sa timeout events.

The iked reference counting and locking model has been reworked to be 
more reliable and less error prone. A concerted effort is being made to 
allow thread pools to be employed which will allow for a high level of 
parallelism with respect to simultaneous peer sa negotiations.

     I have every intention of providing the next release of this 
product in as timely a fashion as possible. As for a new alpha release, 
I hope to make one available before the end of November. With any luck, 
the 2.x series will not only bring a much improved and free IPSEC Client 
for use on Windows, but a solid open source solution for use with BSD 
and Linux operating systems as well.

Thanks again for everyone's continued support,

-Matthew


