[Xorp-users] Firewall support and OpenSwan interoperability with XORP

[Patricio Latini]

I have xorp running in the same machine than openswan as L2TP/IPSEC tunnel
terminator without any issues.

 

Patricio

 

From: xorp-users-bounces at xorp.org [mailto:xorp-users-bounces at xorp.org] On
Behalf Of Amir Naftali
Sent: Monday, December 19, 2011 10:38 AM
To: xorp-users at xorp.org
Subject: [Xorp-users] Firewall support and OpenSwan interoperability with
XORP

 

Hi,

 

I'm a newbe to XORP (just started few days ago), I have compiled and run it
on Fedora 16 (latest) and it looks good 

(followed instructions and everything went very smooth, the required
ip_table.h changes were a bit different than stated 

in the bug since the .h file has changed a bit but it was a no brainer to
adopt)

  

I have few questions around the netfilter support and interoperability with
IPSec implementations...

 

- is there a way to sync configuration with the existing state of the
machine (so for example i load xorp_rtrmgr with empty 

config file and sync it with the current interface configuration, routing
data and firewall policies)?

 

- Is there support for statefull inspection in the configuration  and
policies? if not is there any plans for supporting it?

- Is there support for more granular icmp/igmp firewall policies (i have
seen any from the CLI)? if not than same questions as above?

 

- Has anyone tried to see if openswan (or any other ipsec/ike
implementation) works well with XORP(on the same machine)? any known issues?

 

Amir

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20111220/43636183/attachment.html