Project

General

Profile

Feature #929

Cisco VPN tunnel

Added by Maxim Kondratovich over 9 years ago. Updated over 9 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
tools - gate/build tools
Start date:
2011-04-19
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

I think that it is really necessary to be able to use Cisco VPN tunnels.

History

#1

Updated by Dan McDonald over 9 years ago

  • Difficulty set to Medium
  • Tags set to needs-triage

To communicate with a cisco VPN concentrator, you need one of three distinct sets of technology.

1.) The "AnyConnect" solution requires IP-over-{dTLS,TLS,SSL} and supporting infrastructure. IP-over-{dTLS,TLS,SSL} requires kernel work. The supporting infrastructure is still an issue as well.

2.) The traditional "cisco VPN" requires IPsec (which we have) and two extensions to IKE (which is closed-source): XAUTH and MODE-CFG. Creating an open-source IKEv1 with these two extensions would solve this problem.

3.) IKEv2 has in its base specification the equivalent functionalities of XAUTH and MODE-CFG. There is a community IKEv2 project underway, and helping that would help this.

Also available in: Atom PDF