Openswan - IPsec on Linux for the Future
The world of IPsec on Linux is a confusing one at the moment. Kernel 2.6 brought a new IPsec kernel stack, which, combined with 2 userland toolkits (one of which has 3 forks), has led to mass confusion at the end-user level. All of this leaves users without a clue about where to start, which packages to use, and what features they need to get the job done. This paper compares and contrasts the 2 main userland toolkits for the 2.6 stack, as well as the differences in the new kernel stack. It also goes into detail on some of the more recent features added to the userland tools, including NAT-Traversal, and discusses current major developments in the IPsec on Linux world.
Ken Bantoft started programming in 1988, and successfully avoided doing it as a full-time job until 2002. He opted instead to focus on Unix, Networking, and Linux. He now spends his days managing technology for The Blueprint Initiative - an effort to develop, host and maintain public protein interaction biological databases and related tools.
After OLS2002, he started working alongside the FreeS/WAN project, integrating various patches into his own fork of their code - Super FreeS/WAN. That has since been renamed to Openswan, and is still under active development today.
Ken's previous jobs included Team Leader of Linux Services at IBM Canada and Network Engineer for CIBC.