Replace your Cisco 3000 VPN concentrator with NetBSD
Emmanuel Dreyfus has been working on integrating NAT Traversal
and replaced the KAME based racoon with the feature-enhanced
"ipsec-tools" version in NetBSD. Thanks to this, NetBSD can now be
setup to replace Cisco 3000 VPN concentrators, while Cisco VPN
clients can still be used, talking to NetBSD instead.
There are many more changes that come with the ipsec-tools, including
dead peer detection, privilege separation, IKE mode config, IKE and
ESP fragmentation, configurable path to certificate authority,
and hook scripts. See Emmanuel's
mail for a more complete list!
[Tags: Security, vpn]