Contributed by jose on from the NAT-traversal dept.
I've been using OpenBSD for years and I just love it but I am forced to use linux slack to implement vpn with nat-t (still ietf draft) using superfreeswan.
I've already used isakmpd but in our case is mandatory to support nat-t.
So... is there any way to implement vpn using nat-t on openbsd? Thanks in advance."
(Comments are closed)
By Aha! () on
http://www.deadly.org/article.php3?sid=20031024105820&mode=flat
Comments
By Ralf () on
http://www.monkey.org/openbsd/archive/misc/0301/msg01244.html
seems to indicate they are not. Any news on this?
Comments
By djm () on
Comments
By SH () on
/SH
By Anonymous Coward () on
From what I have seen on the mailing lists, markus did what research he could and got no answer. If these patents aren't even granted, only applied for, and the application owners won't comment, it may be that he has performed what due diligence is possible, and it's OK to release the code. It is always possible to take it away later; there is nothing in the OpenBSD license forbidding that.
It is not really a helpful to say "go research the issue instead of arguing with the person doing the work," because it solves nothing. OpenBSD is released in the hope that someone may find it useful. Like all such projects, it lives or dies by volunteer effort and donations. If the official volunteer does not want to release code, someone else can release patches to do the task that the maintainer won't do.
I may be in the same position of having to reinstall a Linux VPN to get NAT-T, after having just installed an OBSD VPN. Luckily the CD was only 40 bucks. That's not really a terrible thing to deal with, is it? At least I know that I could hire my own programmer if I really needed NAT-T on OpenBSD, which is one of the big points of using free software.
By markus () markus@openbsd.org on mailto:markus@openbsd.org
then i'll commit my patches.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Second, did you read any of the other patents it cites? Ones like the patent on authenticating a packet? I guess ipsec should be removed from OpenBSD totally then huh?
OpenBSD could be found to be infringing on dozens of overly vague patents on things that can't be patented, does that mean its time to close up shop and forget about this whole programming thing?
Comments
By Anonymous Coward () on
unless you really really can garantee there is no patent....
Comments
By Anonymous Coward () on
By markus () on
http://www.ietf.org/ietf/IPR/SSH-NAT
http://www.ietf.org/ietf/IPR/MICROSOFT-NAT-Traversal.txt
http://www.ietf.org/ietf/IPR/microsoft-ipr-draft-ietf-ipsec-ikev2.txt
If these don't apply to NAT-T then fine.
If you show, that these don't apply then
fine. The problem is: I don't want to
have to show that they are no problems.
All the statements are vague, and nobody could
point out a what applies and what not.
If you're going to do this work, fine.
Comments
By Anonymous Coward () on
Comments
By markus () on
bizarre logic are you talking about? it's
obvious that many people claim IPR on NAT-T
and all i'm saying, that these things should
be looked into first.
Comments
By Anonymous Coward () on
Comments
By djm () on
By markus () on
By Anonymous Coward () on
Is it possible to get those patents for those of us willing to try it regardless of patent issues?
Thanks!
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
Just let someone where these patents are invalid develop the stuff (just like with crypo regulations before). I thought the OpenBSD people was all for fighting these fights in a very pragmatic way -- not lying face down saying there's nothing they can do!
Comments
By markus () on