Much of this document is quoted directly from the Linux FreeS/WAN mailing list. Thanks very much to the community of testers, patchers and commenters there, especially the ones quoted below but also various contributors we haven't quoted.
In general, do not expect Linux FreeS/WAN to do everything yet. This is a work-in-progress and some parts of the IPsec specification are not yet implemented.
Things we do, as of version 1.95:
In negotiating a keying connection (ISAKMP SA, Phase 1) we propose both groups when we are the initiator, and accept either when a peer proposes them. Once the keying connection is made, we propose only the alternative agreed there for data connections (IPsec SA's, Phase 2) negotiated over that keying connection.
In negotiations, we propose both of these and accept either.
All combinations of implemented transforms are supported. Note that some form of packet-level authentication is required whenever encryption is used. Without it, the encryption will not be secure.
Things we deliberately omit which are required in the RFCs are:
Since these are the only encryption algorithms and DH group the RFCs require, it is possible in theory to have a standards-conforming implementation which will not interpoperate with FreeS/WAN. Such an implementation would be inherently insecure, so we do not consider this a problem.
Anyway, most implementations sensibly include more secure options as well, so dropping null encryption, single DES and Group 1 does not greatly hinder interoperation in practice.
We also do not implement some optional features allowed by the RFCs:
In theory, this should cause no interoperation problems since all implementations are required to support the more secure main mode, whether or not they also allow aggressive mode.
In practice, it does sometimes produce problems with implementations such as Windows 2000 where aggressive mode is the default. Typically, these are easily solved with a configuration change that overrides that default.
Things we don't yet do, as of version 1.95:
Currently Triple DES is the only encryption method Pluto will negotiate.
No additional encryption transforms are yet implemented, though the RFCs allow them and some other IPsec implementations support various of them. We are not eager to add more, since they complicate both our work and that of the gateway administrator without any obvious security improvement. We would certainly not want to incorporate any cryptographic method that had inadequate ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./usr/share/doc/freeswan/doc/src/compat.html��������������������������������������������������������0100644�0000000�0000000�00000076453�07437324625�017744� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Much of this document is quoted directly from the Linux FreeS/WAN mailing list. Thanks very much to the community of testers, patchers and commenters there, especially the ones quoted below but also various contributors we haven't quoted.
In general, do not expect Linux FreeS/WAN to do everything yet. This is a work-in-progress and some parts of the IPsec specification are not yet implemented.
Things we do, as of version 1.95:
In negotiating a keying connection (ISAKMP SA, Phase 1) we propose both groups when we are the initiator, and accept either when a peer proposes them. Once the keying connection is made, we propose only the alternative agreed there for data connections (IPsec SA's, Phase 2) negotiated over that keying connection.
In negotiations, we propose both of these and accept either.
All combinations of implemented transforms are supported. Note that some form of packet-level authentication is required whenever encryption is used. Without it, the encryption will not be secure.
Things we deliberately omit which are required in the RFCs are:
Since these are the only encryption algorithms and DH group the RFCs require, it is possible in theory to have a standards-conforming implementation which will not interpoperate with FreeS/WAN. Such an implementation would be inherently insecure, so we do not consider this a problem.
Anyway, most implementations sensibly include more secure options as well, so dropping null encryption, single DES and Group 1 does not greatly hinder interoperation in practice.
We also do not implement some optional features allowed by the RFCs:
In theory, this should cause no interoperation problems since all implementations are required to support the more secure main mode, whether or not they also allow aggressive mode.
In practice, it does sometimes produce problems with implementations such as Windows 2000 where aggressive mode is the default. Typically, these are easily solved with a configuration change that overrides that default.
Things we don't yet do, as of version 1.95:
Currently Triple DES is the only encryption method Pluto will negotiate.
No additional encryption transforms are yet implemented, though the RFCs allow them and some other IPsec implementations support various of them. We are not eager to add more, since they complicate both our work and that of the gateway administrator without any obvious security improvement. We would certainly not want to incorporate any cryptographic method that had inadequate ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./usr/share/doc/freeswan/doc/src/compat.html��������������������������������������������������������0100644�0000000�0000000�00000076453�07437324625�017744� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Much of this document is quoted directly from the Linux FreeS/WAN mailing list. Thanks very much to the community of testers, patchers and commenters there, especially the ones quoted below but also various contributors we haven't quoted.
In general, do not expect Linux FreeS/WAN to do everything yet. This is a work-in-progress and some parts of the IPsec specification are not yet implemented.
Things we do, as of version 1.95:
In negotiating a keying connection (ISAKMP SA, Phase 1) we propose both groups when we are the initiator, and accept either when a peer proposes them. Once the keying connection is made, we propose only the alternative agreed there for data connections (IPsec SA's, Phase 2) negotiated over that keying connection.
In negotiations, we propose both of these and accept either.
All combinations of implemented transforms are supported. Note that some form of packet-level authentication is required whenever encryption is used. Without it, the encryption will not be secure.
Things we deliberately omit which are required in the RFCs are:
Since these are the only encryption algorithms and DH group the RFCs require, it is possible in theory to have a standards-conforming implementation which will not interpoperate with FreeS/WAN. Such an implementation would be inherently insecure, so we do not consider this a problem.
Anyway, most implementations sensibly include more secure options as well, so dropping null encryption, single DES and Group 1 does not greatly hinder interoperation in practice.
We also do not implement some optional features allowed by the RFCs:
In theory, this should cause no interoperation problems since all implementations are required to support the more secure main mode, whether or not they also allow aggressive mode.
In practice, it does sometimes produce problems with implementations such as Windows 2000 where aggressive mode is the default. Typically, these are easily solved with a configuration change that overrides that default.
Things we don't yet do, as of version 1.95:
Currently Triple DES is the only encryption method Pluto will negotiate.
No additional encryption transforms are yet implemented, though the RFCs allow them and some other IPsec implementations support various of them. We are not eager to add more, since they complicate both our work and that of the gateway administrator without any obvious security improvement. We would certainly not want to incorporate any cryptographic method that had inadequate ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������./usr/share/doc/freeswan/doc/src/compat.html��������������������������������������������������������0100644�0000000�0000000�00000076453�07437324625�017744� 0����������������������������������������������������������������������������������������������������ustar �root����������������������������root�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Much of this document is quoted directly from the Linux FreeS/WAN mailing list. Thanks very much to the community of testers, patchers and commenters there, especially the ones quoted below but also various contributors we haven't quoted.
In general, do not expect Linux FreeS/WAN to do everything yet. This is a work-in-progress and some parts of the IPsec specification are not yet implemented.
Things we do, as of version 1.95:
In negotiating a keying connection (ISAKMP SA, Phase 1) we propose both groups when we are the initiator, and accept either when a peer proposes them. Once the keying connection is made, we propose only the alternative agreed there for data connections (IPsec SA's, Phase 2) negotiated over that keying connection.
In negotiations, we propose both of these and accept either.
All combinations of implemented transforms are supported. Note that some form of packet-level authentication is required whenever encryption is used. Without it, the encryption will not be secure.
Things we deliberately omit which are required in the RFCs are:
Since these are the only encryption algorithms and DH group the RFCs require, it is possible in theory to have a standards-conforming implementation which will not interpoperate with FreeS/WAN. Such an implementation would be inherently insecure, so we do not consider this a problem.
Anyway, most implementations sensibly include more secure options as well, so dropping null encryption, single DES and Group 1 does not greatly hinder interoperation in practice.
We also do not implement some optional features allowed by the RFCs:
In theory, this should cause no interoperation problems since all implementations are required to support the more secure main mode, whether or not they also allow aggressive mode.
In practice, it does sometimes produce problems with implementations such as Windows 2000 where aggressive mode is the default. Typically, these are easily solved with a configuration change that overrides that default.
Things we don't yet do, as of version 1.95:
Currently Triple DES is the only encryption method Pluto will negotiate.
No additional encryption transforms are yet implemented, though the RFCs allow them and some other IPsec implementations support various of them. We are not eager to add more, since they complicate both our work and that of the gateway administrator without any obvious security improvement. We would certainly not want to incorporate any cryptographic method that had inadequate �������������������������������������������������������������������������������������������������������������������������������������������������������������