Contributed by marco on from the we-cant-pronounce-your-name-but-we-love-your-code dept.
The OpenBSD IPsec Hackathon is over. Developers are on their way back home or continue travelling in Germany. The location was awesome (Schloss Kransberg). The calmness of the countryside and the modern infrastructure helped a lot to focus on hacking and quite a few things got done that will make the 4.0 release:
- sasyncd now controls isamkpd: This makes it possible to run isamkpd non-passive in a HA setup. As needed when using failover setups on both sides.
- Several bugfixes in various places went in (like interaction with bgpd or PF_KEY socket handling).
- Support for AH in ipsecctl.
- Big documentation update for ipsec.conf and friends. This work will continue for the next weeks. So there will be some more improvements that will go in for 4.0. Stay tuned!
Some projects that were started at some time this year continued. Diffs will go in as soon as the tree is unlocked again and ready for 4.0-current:
- pf tagging for IPsec implemented, lots of discussion went on about how to do it right. Both userland and kernel code work now.
- tcpdump can now decode ESP and AH for ipv6, too.
Moreover, several projects were kicked off shortly before or during k2k6:
- More work on sasyncd and isakmpd, there are several diffs pending for review and testing.
- More interop testing.
- Work IKEv2 started.
- XAUTH and Hybrid Authentication.
Thanks to all hackers and those that made this event possible!
(Comments are closed)