• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: IPSec Question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec Question

  • Subject: Re: IPSec Question
  • From: Josh Graessley <email@hidden>
  • Date: Mon, 04 Mar 2002 18:50:55 -0800
On 3/4/02 6:22 PM, "Guy Gardner" <email@hidden> wrote:

> All,
>
> I noticed on NetBSD.org that IPsec support is built in since 1999 but you
> must rebuild the kernel to use it. I poked around under the kernel framework
> of Mac OS X and found a header file related directly to IPSec along with
> several other header files that are related to the way IPSec is implemented
> on NetBSD. Darwin is based on NetBSD so this makes sense.

My understanding is that the networking pieces of our kernel are loosely
based on FreeBSD 3.2. FreeBSD didn't have the Kame IPSec and IPv6 integrated
in to it like FreeBSD 4.4 does. A version of the Kame IPv6 and IPSec support
was merged in to our kernel a long long time ago. Our IPSec and IPv6 support
is out of date, which is probably one of the reasons it was never turned on.

> I know that there are plenty of people out there looking for a IPSec support
> for Mac OS X. At least I know I am chopping at the bit for it!
>
> I am not a Unix guru but am learning (slowly) SO I was wondering if anyone
> out there, that really has a good grasp of BSD networking, has rebuilt
> Darwin/Mac OS X with IPSec turned on in the kernel and been able to get
> IPSec tunneling to work?

I believe a few people have worked on compiling the Darwin sources with
IPSec and IPv6 turned on. There are a few problems you will run in to with
AirPort and something else declaring symbols that are declared in the
kernel. Check out the archives for the details.

> And: Does anyone have an idea if Apple is considering the next Mac OS X and
> Darwin refreshes with IPSec options built into the Kernel and providing a
> nice UI/Command line way to set this all up to work?

The networking sources in the kernel have been updated to be closer to
FreeBSD 4.4. I believe the merged sources haven't been pushed out to the
anoncvs server yet. I think they should appear in the tag Apple-240 or
later. It should be possible to build xnu with the ipsec and inet6 options.

The IPv6 and IPSec command line tools as well as libinet6 and libipsec are
not in Darwin yet, so you'll have no good way to test IPv6 and IPSec short
of porting the libraries and tools yourself.

-josh
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.
References: 
 >IPSec Question (From: Guy Gardner <email@hidden>)

  • Prev by Date: IPSec Question
  • Next by Date: Re: IPSec Question
  • Previous by thread: IPSec Question
  • Next by thread: Re: IPSec Question
  • Index(es):
    • Date
    • Thread