On 3/4/02 6:22 PM, "Guy Gardner" <guygardner@attbi.com> wrote:
All,
I noticed on NetBSD.org that IPsec support is built in since 1999 but you
must rebuild the kernel to use it. I poked around under the kernel framework
of Mac OS X and found a header file related directly to IPSec along with
several other header files that are related to the way IPSec is implemented
on NetBSD. Darwin is based on NetBSD so this makes sense.
My understanding is that the networking pieces of our kernel are loosely based on FreeBSD 3.2. FreeBSD didn't have the Kame IPSec and IPv6 integrated in to it like FreeBSD 4.4 does. A version of the Kame IPv6 and IPSec support was merged in to our kernel a long long time ago. Our IPSec and IPv6 support is out of date, which is probably one of the reasons it was never turned on.
I know that there are plenty of people out there looking for a IPSec support
for Mac OS X. At least I know I am chopping at the bit for it!
I am not a Unix guru but am learning (slowly) SO I was wondering if anyone
out there, that really has a good grasp of BSD networking, has rebuilt
Darwin/Mac OS X with IPSec turned on in the kernel and been able to get
IPSec tunneling to work?
I believe a few people have worked on compiling the Darwin sources with IPSec and IPv6 turned on. There are a few problems you will run in to with AirPort and something else declaring symbols that are declared in the kernel. Check out the archives for the details.
And: Does anyone have an idea if Apple is considering the next Mac OS X and
Darwin refreshes with IPSec options built into the Kernel and providing a
nice UI/Command line way to set this all up to work?
The networking sources in the kernel have been updated to be closer to FreeBSD 4.4. I believe the merged sources haven't been pushed out to the anoncvs server yet. I think they should appear in the tag Apple-240 or later. It should be possible to build xnu with the ipsec and inet6 options. The IPv6 and IPSec command line tools as well as libinet6 and libipsec are not in Darwin yet, so you'll have no good way to test IPv6 and IPSec short of porting the libraries and tools yourself. -josh _______________________________________________ darwin-kernel mailing list | darwin-kernel@lists.apple.com Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel Do not post admin requests to the list. They will be ignored.