Neustradamus
commented
4 years ago @zoulasc @zmudc: Any news??
Closed Neustradamus closed 4 years ago
Neustradamus
commented
4 years ago @zoulasc @zmudc: Any news??
zoulasc
commented
4 years ago No news (I have not contacted them yet). The reason being that I am too busy to work on this at the moment. If things change I will. Sorry.
zmudc
commented
4 years ago I am able to give some time to this for the rest of 2020. Christos and I were planning on modernizing the code so it would be suitable for inclusion in the netbsd source tree, an effort that is supported by the racoon2-glue project. I stopped work on racoon2 about 16 months ago due to apparent lack of interest, with only christos working on it with me and I could see the effort required to modernize this codebase would be more than I could commit to at that time. If christos is willing to coach me, I am willing to take on the task of working on this (10-20 hours per week) for the rest of 2020 with the goal of having a software package that is useful and suitable for inclusion in the netbsd source tree.
On 12/28/19 6:26 PM, Neustradamus wrote:
@zoulasc https://github.com/zoulasc @zmudc https://github.com/zmudc: Any news??
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/zoulasc/racoon2/issues/2?email_source=notifications&email_token=AJVUF7RAIVOY4VFL2KFYW63Q27OCXA5CNFSM4JXFBJD2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEHYUCOI#issuecomment-569459001, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJVUF7TXWPV3TI7TLAMRRQTQ27OCXANCNFSM4JXFBJDQ.
zoulasc
commented
4 years ago I'd be happy to help/mentor in any way I can. I guess the first thing to do is to rebuild and try to get the racoon-glue stuff working again because last time I tried it, it still compiled but did not work.
zmudc
commented
4 years ago That's great, I will start work on this by trying to get it working again in my network environment and go from there.
Neustradamus
commented
4 years ago Not possible to redirect http://racoon2.wide.ad.jp/ (http://www.racoon2.wide.ad.jp/) -> here? Or add informations on the website...? And about http://www.racoon2.wide.ad.jp/ml/racoon2-users/monthly_thread.html...
Please note: https://sourceforge.net/projects/ipsec-tools/ "[PROJECT ABANDONED] IPsec Tools"
zoulasc
commented
4 years ago I have asked around who owns the page and waiting for a response. As for ipsec-tools, this is for the original racoon and friends and the page is owned by NetBSD. Nobody is working on the project so it is declared dead. It would take a lot of work (almost a complete rewrite) to fix all the memory management issues in racoon so we are better off going with racoon2. The question is, is it better to keep working on racoon2 or try to port the iked from OpenBSD? iked started life as a portable daemon, but it has grown too many OpenBSD-specific tentacles.
zmudc
commented
4 years ago I have compiled the latest version of the racoon2 project using racoon2-glue and it compiles and runs on NetBSD. I didn't need to modify either the racoon2 repository or the racoon2-glue repository to get a functioning iked on NetBSD. After tweaking some configuration files, I was able to successfully connect a Windows 10 client using the built-in Windows 10 IKEv2 client using machine certificate authentication.
Regarding using OpenBSD's iked, I can't say if that would be easier than working on racoon2. Regarding ipsec-tools, I still use the setkey from ipsec-tools on NetBSD, and this discussion raises the question: Since ipsec-tools is dead, Is there is a replacement for setkey in NetBSD, or should we also update that tool as part of a modern version of racoon2? My primary use of setkey is to inspect the SPD and SAD and that helps diagnose and fix problems that arise while developing and testing racoon2.
zmudc
commented
4 years ago Since NetBSD owns ipsec-tools and if the owners of racoon2 don't respond, maybe we can rebrand this project as a new ipsec-tools/racoon?
Neustradamus
commented
4 years ago @zmudc: Look here, maybe code to integrate?
zmudc
commented
4 years ago AFAIK Debian recently removed ipsec-tools from it distribution because it is dead. I will check these other derivatives of ipsec-tools and see if they have made any improvements. Unless someone has added IKEv2 to ipsec-tools, I suspect these projects are also dead.
zmudc
commented
4 years ago After looking at the debian, ubuntu, gentoo, openwrt, and archlinux implementations of ipsec-tools, they do not add any new functionality to ipsec-tools/racoon, and most of them only have a few changes in the past several years. Two updates in these distributions were notable: First, most of the distributions patched to support compilation against openssl version 1.0 vs. 1.1. We have addressed that issue already in racoon2, at least for NetBSD. The other issue is a patch to fix the CVE-2016-10396 DoS vulnerability that was patched in racoon. This probably has not been checked in racoon2, so I will investigate to see if racoon2 needs a patch to fix this.
kamadak
commented
4 years ago Hi, I am one of the original team.
The development of racoon2 in WIDE Project has been concluded. The continuation of the development on GitHub is welcomed.
I have been added a link from www.racoon2.wide.ad.jp to this repository as the successor.
zmudc
commented
4 years ago @zoulasc: With @kamadak linking here now as the successor to raccon2, shall we close this issue?
zoulasc
commented
4 years ago Yes, thanks @kamadak san.
Neustradamus
commented
4 years ago @zoulasc: an org https://github.com/racoon2project and move this repository?
@kamadak: It is possible to add the website on github?
It will be nice to have this GitHub in News section, and other part too, remove old links "CVS Repository" and have "Git Repository"...
Remove and redirect http://www.racoon2.wide.ad.jp/cvsweb/racoon2/ to this git?
Download -> all releases in https://github.com/zoulasc/racoon2/releases...
zoulasc
commented
4 years ago I don't want to move it yet because it is not really useable. Once it reaches stability and feature parity with the original racoon by all means. It is like opening a restaurant when the service is not ready. You'll find it hard to convince customers to come back when you've fixed the issues.
kamadak
commented
4 years ago @Neustradamus: When you create a website (on github or anywhere), we will update the link.
We will keep the CVS repository for archaeology and URL stability, so will not remove/redirect the URL. When the new racoon2 is ready, we can add links to the new site, repository, download, and so on.
zmudc
commented
4 years ago I'd be happy to help/mentor in any way I can. I guess the first thing to do is to rebuild and try to get the racoon-glue stuff working again because last time I tried it, it still compiled but did not work.
@zoulasc: It probably does not work for you because of bugs in spmd or in the setkey scripts. I am going to focus on squashing those bugs. Ideally, we should not a setkey script to manage security policies on events such as child-up and child-down, because managing security policies is spmd's job. If we need a setkey script to manage security policies, that means there is a bug in spmd that needs to be squashed.
Neustradamus
commented
4 years ago @zoulasc @zmudc: It will be nice to look the code on GitHub about ipsec-tools and racoon...
zmudc
commented
4 years ago The first page of hits for these searches reveals nothing newer than 2013 - I think this is not very useful for the needs of racoon2 in 2020...
On Mon, Jan 27, 2020 at 6:18 PM Neustradamus notifications@github.com wrote:
@zoulasc https://github.com/zoulasc @zmudc https://github.com/zmudc: It will be nice to look the code on GitHub about ipsec-tools and racoon...
- https://github.com/search?o=asc&q=racoon&s=updated&type=Repositories
https://github.com/search?o=asc&q=ipsec-tools&s=updated&type=Repositories
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/zoulasc/racoon2/issues/2?email_source=notifications&email_token=AJVUF7Q3D4OUDAHPCJVACX3Q75TUTA5CNFSM4JXFBJD2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKBOBIY#issuecomment-579002531, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJVUF7WJ5XMUDE4QHCCBAMLQ75TUTANCNFSM4JXFBJDQ .
Neustradamus
commented
4 years ago It is classed old to new...
zmudc
commented
4 years ago You are right - that's stupid!
On Tue, Jan 28, 2020 at 1:00 PM Neustradamus notifications@github.com wrote:
It is classed old to new...
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/zoulasc/racoon2/issues/2?email_source=notifications&email_token=AJVUF7VGSG4MFI737VWTWBLRABXCXA5CNFSM4JXFBJD2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKEJTHA#issuecomment-579377564, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJVUF7XHLUVZOTWQCJVBVDDRABXCXANCNFSM4JXFBJDQ .
zoulasc
commented
4 years ago Still the problem is that we don't even know if this stuff works at all on Linux... Yes, it somewhat works on NetBSD, but it is not stable or manageable. So until we have stability manageability and working on Linux, we should not advertise it.
zmudc
commented
4 years ago It should be clear that Racoon2 is not stable from the front page of the zoulasc/racoon2 project on github, which displays the README.md file. Here is what we are advertising about Racoon2 in the README.md on the front page:
"Racoon2 is also based on very old code and it is still very buggy. Although Racoon2 can be configured to establish working IPsec connections using both IKEv1 and IKEv2, in its current form, most users who do not have experience configuring IPsec connections will not be able to get a connection working without significant effort. The near-term goals are to reduce the number of bugs that make Racoon2 so difficult to configure, and to create a simpler system for configuring connections correctly so that the level of expertise required to use Racoon2 to establish connections can be reduced to the point where most developers will be able to build, install, and use Racoon2 to get working IPsec connections with minimal effort."
It also should be clear from looking at the fact that there are only two contributors to this project that it will take a while to get Racoon2 to a state where it is possible to use it in a variety of situations and on different platforms. As far as Linux support goes, I just started testing it on Linux this past week. I am able to get L2TP/IPsec connections working well on Linux, with connections to both the iphone and Windows working. But IKEv2 tunnel mode VPN connections are a different story. I was only able to get IPv4 in IPv4 tunnels working. Probably IPv6 in IPv6 would also work. The big problem is that Linux really needs its userland IPsec tools such as the IKEv2 daemon to use netlink to communicate with the kernel, but Racoon2 uses the more standardized but less configurable pfkeyv2 interface to the kernel. I will add a note about Linux compatability to make clear that Racoon2 will not be usable on Linux for more than the most basic functions unless and until a netlink interface to the Linux kernel is implemented in Racoon2. I wish I could do that quickly, but I do not have the time to do that now. It is more important to get Racoon2 working well in configurations other than as a passive VPN server, such as a VPN client or as one or both ends of a site-site VPN tunnel. After that is done, then we can do the netlink interface for Linux. But I am the only contributor and I can only devote about half time to this, so it will take a while. Please be patient.
On Thu, Jan 30, 2020 at 7:43 PM zoulasc notifications@github.com wrote:
Still the problem is that we don't even know if this stuff works at all on Linux... Yes, it somewhat works on NetBSD, but it is not stable or manageable. So until we have stability manageability and working on Linux, we should not advertise it.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/zoulasc/racoon2/issues/2?email_source=notifications&email_token=AJVUF7QCMS4UQBY2MMEOXSDRANX3NA5CNFSM4JXFBJD2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKNCY7A#issuecomment-580529276, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJVUF7RGWWODLCCDNVLH6BDRANX3NANCNFSM4JXFBJDQ .
zmudc
commented
4 years ago I also updated the NEWS file to describe what currently works on Linux and NetBSD. Please be aware that I have not tested any other scenarios such as using racoon2 as a VPN client instead of as a VPN server, and I have not tested it yet as one side of a site-site VPN tunnel. I am ready to start working on simplifying the process of configuring racoon2 as a VPN server and I can say on Linux it works fairly well as an L2TP/IPsec server for Windows or iPhone clients which use IKEv1. For the IKEv2 client, Linux support is not so good yet, but as mentioned in the NEWS file, we are evaluating approaches to improve Linux compatibility. This will not be trivial. We will need to add an interface to the netlink Linux kernel API to racoon2 or possibly develop a racoon2 Linux kernel module that can extend the capabilities of racoon2's pfkey for Linux.
On Wed, Feb 5, 2020 at 10:10 AM Chuck Zmudzinski frchuckz@gmail.com wrote:
It should be clear that Racoon2 is not stable from the front page of the zoulasc/racoon2 project on github, which displays the README.md file. Here is what we are advertising about Racoon2 in the README.md on the front page:
"Racoon2 is also based on very old code and it is still very buggy. Although Racoon2 can be configured to establish working IPsec connections using both IKEv1 and IKEv2, in its current form, most users who do not have experience configuring IPsec connections will not be able to get a connection working without significant effort. The near-term goals are to reduce the number of bugs that make Racoon2 so difficult to configure, and to create a simpler system for configuring connections correctly so that the level of expertise required to use Racoon2 to establish connections can be reduced to the point where most developers will be able to build, install, and use Racoon2 to get working IPsec connections with minimal effort."
It also should be clear from looking at the fact that there are only two contributors to this project that it will take a while to get Racoon2 to a state where it is possible to use it in a variety of situations and on different platforms. As far as Linux support goes, I just started testing it on Linux this past week. I am able to get L2TP/IPsec connections working well on Linux, with connections to both the iphone and Windows working. But IKEv2 tunnel mode VPN connections are a different story. I was only able to get IPv4 in IPv4 tunnels working. Probably IPv6 in IPv6 would also work. The big problem is that Linux really needs its userland IPsec tools such as the IKEv2 daemon to use netlink to communicate with the kernel, but Racoon2 uses the more standardized but less configurable pfkeyv2 interface to the kernel. I will add a note about Linux compatability to make clear that Racoon2 will not be usable on Linux for more than the most basic functions unless and until a netlink interface to the Linux kernel is implemented in Racoon2. I wish I could do that quickly, but I do not have the time to do that now. It is more important to get Racoon2 working well in configurations other than as a passive VPN server, such as a VPN client or as one or both ends of a site-site VPN tunnel. After that is done, then we can do the netlink interface for Linux. But I am the only contributor and I can only devote about half time to this, so it will take a while. Please be patient.
On Thu, Jan 30, 2020 at 7:43 PM zoulasc notifications@github.com wrote:
Still the problem is that we don't even know if this stuff works at all on Linux... Yes, it somewhat works on NetBSD, but it is not stable or manageable. So until we have stability manageability and working on Linux, we should not advertise it.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/zoulasc/racoon2/issues/2?email_source=notifications&email_token=AJVUF7QCMS4UQBY2MMEOXSDRANX3NA5CNFSM4JXFBJD2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKNCY7A#issuecomment-580529276, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJVUF7RGWWODLCCDNVLH6BDRANX3NANCNFSM4JXFBJDQ .
zoulasc
commented
4 years ago On Feb 5, 11:39am, notifications@github.com (Chuck Zmudzinski) wrote: -- Subject: Re: [zoulasc/racoon2] Contact original team to be the official ne
Thats good. I would stop trying to deal with Linux right now, and focus on NetBSD, or as I mentioned before take a look at isakmpd/openiked...
christos
| I also updated the NEWS file to describe what currently works on Linux and= | =0D | NetBSD. Please be aware that=0D | I have not tested any other scenarios such as using racoon2 as a VPN client= | =0D | instead of as a VPN server,=0D | and I have not tested it yet as one side of a site-site VPN tunnel. I am=0D= |
|---|---|---|---|---|---|---|
| ready to start working on simplifying=0D | ||||||
| the process of configuring racoon2 as a VPN server and I can say on Linux= | ||||||
| =0D | ||||||
| it works fairly well as an L2TP/IPsec=0D | ||||||
| server for Windows or iPhone clients which use IKEv1. For the IKEv2 client,= | ||||||
| =0D | ||||||
| Linux support is not so good yet,=0D | ||||||
| but as mentioned in the NEWS file, we are evaluating approaches to improve= | ||||||
| =0D | ||||||
| Linux compatibility. This will not=0D | ||||||
| be trivial. We will need to add an interface to the netlink Linux kernel=0D= | ||||||
| API to racoon2 or possibly develop a racoon2=0D | ||||||
| Linux kernel module that can extend the capabilities of racoon2's pfkey for= | ||||||
| =0D | ||||||
| Linux.=0D | ||||||
| =0D | ||||||
| On Wed, Feb 5, 2020 at 10:10 AM Chuck Zmudzinski frchuckz@gmail.com wrote= | ||||||
| :=0D | ||||||
| =0D | ||||||
| > It should be clear that Racoon2 is not stable from the front page of the= | ||||||
| =0D | ||||||
| > zoulasc/racoon2 project on github, which displays the README.md file. Her= | ||||||
| e=0D | ||||||
| > is what we are advertising about Racoon2 in the README.md on the front pa= | ||||||
| ge:=0D | ||||||
| >=0D | ||||||
| > "Racoon2 is also based on very old code and it is still very buggy.=0D | ||||||
| > Although Racoon2 can be configured to establish working IPsec connections= | ||||||
| =0D | ||||||
| > using both IKEv1 and IKEv2, in its current form, most users who do not ha= | ||||||
| ve=0D | ||||||
| > experience configuring IPsec connections will not be able to get a=0D | ||||||
| > connection working without significant effort. The near-term goals are to= | ||||||
| =0D | ||||||
| > reduce the number of bugs that make Racoon2 so difficult to configure, an= | ||||||
| d=0D | ||||||
| > to create a simpler system for configuring connections correctly so that= | ||||||
| =0D | ||||||
| > the level of expertise required to use Racoon2 to establish connections c= | ||||||
| an=0D | ||||||
| > be reduced to the point where most developers will be able to build,=0D | ||||||
| > install, and use Racoon2 to get working IPsec connections with minimal=0D= | ||||||
| > effort."=0D | ||||||
| >=0D | ||||||
| > It also should be clear from looking at the fact that there are only two= | ||||||
| =0D | ||||||
| > contributors to this project that it will take a while to get Racoon2 to = | ||||||
| a=0D | ||||||
| > state where it is possible to use it in a variety of situations and on=0D= | ||||||
| > different platforms. As far as Linux support goes, I just started testing= | ||||||
| =0D | ||||||
| > it on Linux this past week. I am able to get L2TP/IPsec connections worki= | ||||||
| ng=0D | ||||||
| > well on Linux, with connections to both the iphone and Windows working. B= | ||||||
| ut=0D | ||||||
| > IKEv2 tunnel mode VPN connections are a different story. I was only able = | ||||||
| to=0D | ||||||
| > get IPv4 in IPv4 tunnels working. Probably IPv6 in IPv6 would also work.= | ||||||
| =0D | ||||||
| > The big problem is that Linux really needs its userland IPsec tools such = | ||||||
| as=0D | ||||||
| > the IKEv2 daemon to use netlink to communicate with the kernel, but Racoo= | ||||||
| n2=0D | ||||||
| > uses the more standardized but less configurable pfkeyv2 interface to the= | ||||||
| =0D | ||||||
| > kernel. I will add a note about Linux compatability to make clear that=0D= | ||||||
| > Racoon2 will not be usable on Linux for more than the most basic function= | ||||||
| s=0D | ||||||
| > unless and until a netlink interface to the Linux kernel is implemented i= | ||||||
| n=0D | ||||||
| > Racoon2. I wish I could do that quickly, but I do not have the time to do= | ||||||
| =0D | ||||||
| > that now. It is more important to get Racoon2 working well in=0D | ||||||
| > configurations other than as a passive VPN server, such as a VPN client o= | ||||||
| r=0D | ||||||
| > as one or both ends of a site-site VPN tunnel. After that is done, then w= | ||||||
| e=0D | ||||||
| > can do the netlink interface for Linux. But I am the only contributor and= | ||||||
| I=0D | ||||||
| > can only devote about half time to this, so it will take a while. Please = | ||||||
| be=0D | ||||||
| > patient.=0D | ||||||
| >=0D | ||||||
| >=0D | ||||||
| > On Thu, Jan 30, 2020 at 7:43 PM zoulasc notifications@github.com wrote:= | ||||||
| =0D | ||||||
| >=0D | ||||||
| >> Still the problem is that we don't even know if this stuff works at all= | ||||||
| =0D | ||||||
| >> on Linux... Yes, it somewhat works on NetBSD, but it is not stable or=0D= | ||||||
| >> manageable. So until we have stability manageability and working on Linu= | ||||||
| x,=0D | ||||||
| >> we should not advertise it.=0D | ||||||
| >>=0D | ||||||
| >> =E2=80=94=0D | ||||||
| >> You are receiving this because you were mentioned.=0D | ||||||
| >> Reply to this email directly, view it on GitHub=0D | ||||||
| >> <https://github.com/zoulasc/racoon2/issues/2?email_source=3Dnotification= | ||||||
| s&email_token=3DAJVUF7QCMS4UQBY2MMEOXSDRANX3NA5CNFSM4JXFBJD2YY3PNVWWK3TUL52= | ||||||
| HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKNCY7A#issuecomment-580529276= | ||||||
| >,=0D | ||||||
| >> or unsubscribe=0D | ||||||
| >> <https://github.com/notifications/unsubscribe-auth/AJVUF7RGWWODLCCDNVLH6= | ||||||
| BDRANX3NANCNFSM4JXFBJDQ>=0D | ||||||
| >> .=0D | ||||||
| >>=0D | ||||||
| >=0D | ||||||
| =0D | ||||||
| =0D | ||||||
| -- =0D | ||||||
| You are receiving this because you were mentioned.=0D | ||||||
| Reply to this email directly or view it on GitHub:=0D | ||||||
| https://github.com/zoulasc/racoon2/issues/2#issuecomment-582576724 | ||||||
| ----==_mimepart_5e3b1a0249665_75203ff0bbccd968784b4 | ||||||
| Content-Type: text/html; | ||||||
| charset=UTF-8 | ||||||
| Content-Transfer-Encoding: quoted-printable | ||||||
| I also updated the NEWS file to describe what currently works on Linux and<= | ||||||
| br>=0D | ||||||
| NetBSD. Please be aware that =0D |
||||||
| I have not tested any other scenarios such as using racoon2 as a VPN client= | ||||||
=0D |
||||||
| instead of as a VPN server, =0D |
||||||
| and I have not tested it yet as one side of a site-site VPN tunnel. I am<br= | ||||||
| >=0D | ||||||
| ready to start working on simplifying =0D |
||||||
| the process of configuring racoon2 as a VPN server and I can say on Linux<b= | ||||||
| r>=0D | ||||||
| it works fairly well as an L2TP/IPsec =0D |
||||||
| server for Windows or iPhone clients which use IKEv1. For the IKEv2 client,= | ||||||
=0D |
||||||
| Linux support is not so good yet, =0D |
||||||
| but as mentioned in the NEWS file, we are evaluating approaches to improve<= | ||||||
| br>=0D | ||||||
| Linux compatibility. This will not =0D |
||||||
| be trivial. We will need to add an interface to the netlink Linux kernel<br= | ||||||
| >=0D | ||||||
| API to racoon2 or possibly develop a racoon2 =0D |
||||||
| Linux kernel module that can extend the capabilities of racoon2's pfkey= | ||||||
| for =0D |
||||||
| Linux. =0D |
||||||
=0D |
||||||
| On Wed, Feb 5, 2020 at 10:10 AM Chuck Zmudzinski <frchuckz@gmail.com>= | ||||||
| wrote: =0D |
||||||
=0D |
||||||
| > It should be clear that Racoon2 is not stable from the front page of t= | ||||||
| he =0D |
||||||
| > zoulasc/racoon2 project on github, which displays the README.md file. = | ||||||
| Here =0D |
||||||
| > is what we are advertising about Racoon2 in the README.md on the front= | ||||||
| page: =0D |
||||||
| > =0D |
||||||
| > "Racoon2 is also based on very old code and it is still very bugg= | ||||||
| y. =0D |
||||||
| > Although Racoon2 can be configured to establish working IPsec connecti= | ||||||
| ons =0D |
||||||
| > using both IKEv1 and IKEv2, in its current form, most users who do not= | ||||||
| have =0D |
||||||
| > experience configuring IPsec connections will not be able to get a = |
||||||
| =0D | ||||||
| > connection working without significant effort. The near-term goals are= | ||||||
| to =0D |
||||||
| > reduce the number of bugs that make Racoon2 so difficult to configure,= | ||||||
| and =0D |
||||||
| > to create a simpler system for configuring connections correctly so th= | ||||||
| at =0D |
||||||
| > the level of expertise required to use Racoon2 to establish connection= | ||||||
| s can =0D |
||||||
| > be reduced to the point where most developers will be able to build,<b= | ||||||
| r>=0D | ||||||
| > install, and use Racoon2 to get working IPsec connections with minimal= | ||||||
=0D |
||||||
| > effort." =0D |
||||||
| > =0D |
||||||
| > It also should be clear from looking at the fact that there are only t= | ||||||
| wo =0D |
||||||
| > contributors to this project that it will take a while to get Racoon2 = | ||||||
| to a =0D |
||||||
| > state where it is possible to use it in a variety of situations and on= | ||||||
=0D |
||||||
| > different platforms. As far as Linux support goes, I just started test= | ||||||
| ing =0D |
||||||
| > it on Linux this past week. I am able to get L2TP/IPsec connections wo= | ||||||
| rking =0D |
||||||
| > well on Linux, with connections to both the iphone and Windows working= | ||||||
| . But =0D |
||||||
| > IKEv2 tunnel mode VPN connections are a different story. I was only ab= | ||||||
| le to =0D |
||||||
| > get IPv4 in IPv4 tunnels working. Probably IPv6 in IPv6 would also wor= | ||||||
| k. =0D |
||||||
| > The big problem is that Linux really needs its userland IPsec tools su= | ||||||
| ch as =0D |
||||||
| > the IKEv2 daemon to use netlink to communicate with the kernel, but Ra= | ||||||
| coon2 =0D |
||||||
| > uses the more standardized but less configurable pfkeyv2 interface to = | ||||||
| the =0D |
||||||
| > kernel. I will add a note about Linux compatability to make clear that= | ||||||
=0D |
||||||
| > Racoon2 will not be usable on Linux for more than the most basic funct= | ||||||
| ions =0D |
||||||
| > unless and until a netlink interface to the Linux kernel is implemente= | ||||||
| d in =0D |
||||||
| > Racoon2. I wish I could do that quickly, but I do not have the time to= | ||||||
| do =0D |
||||||
| > that now. It is more important to get Racoon2 working well in =0D |
||||||
| > configurations other than as a passive VPN server, such as a VPN clien= | ||||||
| t or =0D |
||||||
| > as one or both ends of a site-site VPN tunnel. After that is done, the= | ||||||
| n we =0D |
||||||
| > can do the netlink interface for Linux. But I am the only contributor = | ||||||
| and I =0D |
||||||
| > can only devote about half time to this, so it will take a while. Plea= | ||||||
| se be =0D |
||||||
| > patient. =0D |
||||||
| > =0D |
||||||
| > =0D |
||||||
| > On Thu, Jan 30, 2020 at 7:43 PM zoulasc <notifications@github.com&g= | ||||||
| t; wrote: =0D |
||||||
| > =0D |
||||||
| >> Still the problem is that we don't even know if this stuff wor= | ||||||
| ks at all =0D |
||||||
| >> on Linux... Yes, it somewhat works on NetBSD, but it is not stable= | ||||||
| or =0D |
||||||
| >> manageable. So until we have stability manageability and working o= | ||||||
| n Linux, =0D |
||||||
| >> we should not advertise it. =0D |
||||||
| >> =0D |
||||||
| >> =E2=80=94 =0D |
||||||
| >> You are receiving this because you were mentioned. =0D |
||||||
| >> Reply to this email directly, view it on GitHub =0D |
||||||
| >> <https://github.com/zoulasc/racoon2/issues/2?email_source=3Dnot= | ||||||
| ifications&email_token=3DAJVUF7QCMS4UQBY2MMEOXSDRANX3NA5CNFSM4JXFBJD2YY= | ||||||
| 3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKNCY7A#issuecomm= | ||||||
| ent-580529276>, =0D |
||||||
| >> or unsubscribe =0D |
||||||
| >> <https://github.com/notifications/unsubscribe-auth/AJVUF7RGWWOD= | ||||||
| LCCDNVLH6BDRANX3NANCNFSM4JXFBJDQ> =0D |
||||||
| >> . =0D |
||||||
| >> =0D |
||||||
| > =0D |
||||||
| =0D | ||||||
| =0D | ||||||
| <p DEFANGED_style=3D"font-size:small;-webkit-text-size-adjust:none;color:#6= | ||||||
| 66;">— You are receiving this because you were mentioned. R= |
||||||
| eply to this email directly, <a href=3D"https://github.com/zoulasc/racoon2/= | ||||||
| issues/2?email_source=3Dnotifications&email_token=3DAAENP5KR5KWTIGKQ3ME= | ||||||
| I2P3RBMIYFA5CNFSM4JXFBJD2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2Z= | ||||||
| LOORPWSZGOEK4WUVA#issuecomment-582576724">view it on GitHub, or <a href= | ||||||
| =3D"https://github.com/notifications/unsubscribe-auth/AAENP5NDW23VEF3ELNPZ6= | ||||||
| ZLRBMIYFANCNFSM4JXFBJDQ">unsubscribe.<img src=3D"https://github.com/not= | ||||||
| ifications/beacon/AAENP5ICIU5ITQKP2NDKXSLRBMIYFA5CNFSM4JXFBJD2YY3PNVWWK3TUL= | ||||||
| 52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEK4WUVA.gif" height=3D"1" wi= | ||||||
| dth=3D"1" alt=3D"" />=0D | ||||||
| <DEFANGED_script type=3D"application/ld+json">[=0D | ||||||
| {=0D | ||||||
| "@context": "http://schema.org",=0D | ||||||
| "@type": "EmailMessage",=0D | ||||||
| "potentialAction": {=0D | ||||||
| "@type": "ViewAction",=0D | ||||||
| "target": "https://github.com/zoulasc/racoon2/issues/2?email_source=3Dnotif= | ||||||
| ications\u0026email_token=3DAAENP5KR5KWTIGKQ3MEI2P3RBMIYFA5CNFSM4JXFBJD2YY3= | ||||||
| PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEK4WUVA#issuecomme= | ||||||
| nt-582576724",=0D | ||||||
| "url": "https://github.com/zoulasc/racoon2/issues/2?email_source=3Dnotifica= | ||||||
| tions\u0026email_token=3DAAENP5KR5KWTIGKQ3MEI2P3RBMIYFA5CNFSM4JXFBJD2YY3PNV= | ||||||
| WWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEK4WUVA#issuecomment-= | ||||||
| 582576724",=0D | ||||||
| "name": "View Issue"=0D | ||||||
| },=0D | ||||||
| "description": "View this Issue on GitHub",=0D | ||||||
| "publisher": {=0D | ||||||
| "@type": "Organization",=0D | ||||||
| "name": "GitHub",=0D | ||||||
| "url": "https://github.com"=0D | ||||||
| }=0D | ||||||
| }=0D | ||||||
| ] | ||||||
| ----==_mimepart_5e3b1a0249665_75203ff0bbccd968784b4-- | ||||||
| --MIMEStream=_0+5796_3794146175213633_5677378156 | ||||||
| Content-Type: text/sanitizer-log; charset="iso-8859-1" | ||||||
| Content-Transfer-Encoding: 8bit | ||||||
| Content-Disposition: attachment; filename="sanitizer.log" | ||||||
| This message has been 'sanitized'. This means that potentially | ||||||
| dangerous content has been rewritten or removed. The following | ||||||
| log describes which actions were taken. | ||||||
| Sanitizer (start="1580931590"): | ||||||
| Forcing message to be multipart/mixed, to facilitate logging. | ||||||
| Writer (pos="2684"): | ||||||
| Part (pos="2733"): | ||||||
| Part (pos="201"): | ||||||
| SanitizeFile (filename="unnamed.txt", mimetype="text/plain"): | ||||||
| Match (names="unnamed.txt", rule="9"): | ||||||
| Enforced policy: accept | ||||||
| Part (pos="5113"): | ||||||
| SanitizeFile (filename="unnamed.html, filetype.html", mimetype="text/html"): | ||||||
| Match (names="unnamed.html, filetype.html", rule="9"): | ||||||
| Enforced policy: accept | ||||||
| Rewrote HTML tag: >>p style="font-size:small;-webkit-text-size-adjust:none;color:#666;"<< | ||||||
| as: >>_p DEFANGEDstyle="font-size:small;-webkit-text-size-adjust:none;color:#666;"<< | ||||||
| Note: Scripting languages, embedded objects and other "advanced" | ||||||
| features are the primary security risks in HTML. | ||||||
| Rewrote HTML tag: >>script type="application/ld+json"<< | ||||||
| as: >>_DEFANGEDscript type="application/ld+json"<< | ||||||
| Rewrote HTML tag: >>/script<< | ||||||
| as: >>_/DEFANGEDscript<< | ||||||
| Total modifications so far: 3 | ||||||
| Anomy 0.0.0 : Sanitizer.pm | ||||||
| $Id: Sanitizer.pm,v 1.94 2006/01/02 16:43:10 bre Exp $ | ||||||
| --MIMEStream=_0+5796_3794146175213633_5677378156-- |
-- End of excerpt from Chuck Zmudzinski
Neustradamus
commented
3 years ago @zoulasc: Time to move?
It will be nice to see with original Racoon2 team to be the official new dev: