Firewall Wizards mailing list archives

Re: free s/wan (really interoperability)


From: Tina Bird <tbird () secnetgroup com>
Date: Tue, 05 Oct 1999 17:40:20 -0500

The ICSA performs interoperability tests between different vendors' versions of
IPSec -- as I understand it, mostly in server-to-server mode, but with at
least a few client-to-server tests as well.  The test results are posted at

http://www.icsa.net/services/products_cert/ipsec/certified_products.shtml

As I understand it, a few of the free VPN products (notably FreeS/WAN and
OpenBSD's IPSec) test against products which have succeeded in the
interoperability tests, but I don't think they participate -- probably
costs too much.  [Although note that FreeS/WAN development lags the current
state of IPSec, not to mention the current state of Linux -- it doesn't support
certificate authorities unless something has changed very recently.]

As of 9 September 1999, 12 vendors had one or more products certified.

cheers -- Tina Bird

At 01:23 PM 10/05/1999 -0500, R. DuFresne wrote:
On Tue, 5 Oct 1999, Joseph S D Yao wrote:

Ron DuFresne had asked:
Are there any VPN products that do not require the same setup on both ends
to implement?  (i.e. VPN products that are cross-compatible with other
products out there)

There is IPsec VPN server software out there that is sold without a
client - one is directed to several other companies that make IPsec
clients.  So it would seem that the answer, probably with some caveats,
is, "yes."

If you consider 'ssh' tunnels to be VPNs [you can do PPP through them],
then there are also multiple implementations of 'ssh' and 'sshd'.



Okay, I can see the point here with sshd and the various ssh
implementations.  But, I'm more looking at this from a slightly different
perspective.  free s/wan as I understand it requires another free s/wan
box on the other side of the connection.  I'm trusting the same is the case
with cisco's VPN solution<s> and most likely with FW1's implementation, as
well as many of the other offerings.  Are any as flexible or nearly as
flexible in interoperability as the ssh/sshd implementations mentioned
thus far?


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       admin & senior consultant:  darkstar.sysinfo.com
                 http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
               -- Johnny Hart

testing, only testing, and damn good at it too!


