OpenBSD Journal

IPSec Hackathon underway

Contributed by marco on from the ipsec dept.

The OpenBSD IPSec hackathon is underway here at Castle Kransberg in Germany. We took 14 developers specializing in IPSec and sequestered them in a castle in the German countryside. From the first hour, the atmosphere has been focussed and at times very intense.

Some of the things that are being hacked on:

  • pf tagging of IPSec packets based on the remote peer ID
  • sasyncd and carp interaction with IPSec
  • improved documentation for VPN setups
  • interoperability with popular IPSec implementations
  • getting tcpdump to behave with ESP and IPv6
  • trying to fix bugs and improve performance

    There is a lot of pressure to take advantage of these few days to solve some really hard problems and also to start hacking on IPSec improvements for release 4.1.

    Schloss +Kransberg is a castle built in the middle ages and now owned by Klaus Landefeld, co-founder of DE-CIX and the founder of the international ISP Nacamar. The castle has been completely renovated on the inside, and we have made our hacking room in one of the offices in the business center. It is an ideal place for hacking because of the modern infrastructure (WiFi, fiber, and gigabit Ethernet everywhere with a very fast link to the Internet). The geography is also very convenient for us -- only about 40km from Frankfurt which made it an easy flight for developers coming from North America and Japan.

(Comments are closed)


Comments
  1. By Venture37 (217.22.88.123) venture37 # hotmail DOT com on www.geeklan.co.uk

    good luck guys!

    >(WiFi, fiber, and gigabit Ethernet everywhere with a very fast link to the Internet)
    Wow, I didn't know they had gigabit fibre in the middle ages?! :)
    photos plz??

  2. By Ryan McBride (193.41.124.11) mcbride@openbsd.org on

    I've got some photos online, mostly of the castle at this point... more will be going up on a regular basis.

    Comments
    1. By Venture37 (217.22.88.123) venture37 # hotmail DOT com on www.geeklan.co.uk

      > I've got some photos online, mostly of the castle at this point... more will be going up on a regular basis.


      Looks cosey :)
      http://static.flickr.com/91/228358151_1cb65ed78f.jpg?v=0

    2. By MotleyFool (134.253.26.10) on

      > I've got some photos online, mostly of the castle at this point... more will be going up on a regular basis.

      You sure mickey isn't a sailor? In the pictures he looks like he just stepped off a ship from the mid-1800s.

      Comments
      1. By Anonymous Coward (69.246.68.23) on

        > > I've got some photos online, mostly of the castle at this point... more will be going up on a regular basis.
        >
        > You sure mickey isn't a sailor? In the pictures he looks like he just stepped off a ship from the mid-1800s.
        >

        lol.... funniest picture on there!

        These are the leaders in secure software.. don't they look like it? :)

      2. By wim (194.78.167.231) wim@kd85.com on https://kd85.com/notforsale.html

        > You sure mickey isn't a sailor? In the pictures he looks like he just stepped off a ship from the mid-1800s.

        We all know that Mickey is pirate, not a sailor!

  3. By Anonymous Coward (212.98.136.37) on

    Unless i missed something it seems that after Blob fighting the 4.0 release theme is going to be around IPsec and/or ipv6.But other then that it is going to be great :D .
    Best.

    Comments
    1. By Anonymous Coward (87.78.89.185) on

      > Unless i missed something it seems that after Blob fighting the 4.0 release theme is going to be around IPsec and/or ipv6.But other then that it is going to be great :D .
      > Best.

      You missed the 4.0 treefreeze and the 4.1 figure in the article.

  4. By Anonymous Coward (199.245.105.1) on

    Is anyone working on IKEv2 (RFC 4306) support for isakmpd?

    Comments
    1. By Anonymous Coward (87.78.91.153) on

      > Is anyone working on IKEv2 (RFC 4306) support for isakmpd?
      [http://www.ietf.org/rfc/rfc4306.txt]

      What are the main improvements of IKEv2 over v1?

      Comments
      1. By Anonymous Coward (199.245.105.1) on

        > > Is anyone working on IKEv2 (RFC 4306) support for isakmpd? > [http://www.ietf.org/rfc/rfc4306.txt] > > What are the main improvements of IKEv2 over v1? See Appendix A of said RFC. They are all excellent points. The short translation is that it is intended to be less complex and therefore easier to implement correctly and safely. IKEv1 and its updates were basically a disaster.

        Comments
        1. By Anonymous Coward (87.78.91.153) on

          > > > Is anyone working on IKEv2 (RFC 4306) support for isakmpd?
          > > [http://www.ietf.org/rfc/rfc4306.txt]
          > >
          > > What are the main improvements of IKEv2 over v1?
          >
          > See Appendix A of said RFC. They are all excellent points. The short translation is that it is intended to be less complex and therefore easier to implement correctly and safely. IKEv1 and its updates were basically a disaster.

          oh, got distracted too fast.
          think that will be a christmas gift.

  5. By BdB (62.163.31.144) on

    Return to Castle Wolfenstein


    - just couldnt resist

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]