Feature #2078
Closed
Support for RFC 4025 and RFC 4322 - using DNSSEC to hold IPsec config
Description
RFC 4025 and RFC 4322 describe how to use DNSSEC to hold information relating to the configuration of IPsec Phase 1 and Phase 2 respectively for establishing IPsec tunnels.
Can support for these RFCs be included in OpenIndiana?
Assuming that all the major Firewall vendors also support these RFCs, then establishing VPNs between OpenIndiana could be radically simplified.
Updated by Bayard Bell over 11 years ago
This is an issue for the illumos-gate upstream.
Updated by Bayard Bell over 11 years ago
- Project changed from OpenIndiana Distribution to illumos gate
Updated by r a over 11 years ago
Can this Feature request be updated to support RFC 6071 IP Security (IPSec) and Internet Key Exchange (IKE) using DNSSEC?
Updated by Dan McDonald over 9 years ago
- Category set to kernel
- Status changed from New to Feedback
- Priority changed from Normal to Low
- Difficulty changed from Medium to Expert
The IPsec part of this bug (gathering SPD information via DNSSEC) might be possible, but the IKE part is not, due to IKEv1 (in.iked) being closed-source, and IKEv2 being a victim of Oracle.
Updated by Dan McDonald about 9 years ago
- Status changed from Feedback to Closed
Closing this, since 1/2 of it affects a closed-source program, and the other half should be called out separately IF that's the problem you really want solved (IPsec SPD/ipsecconf(1M) input in DNS).