Subject: Re: FAST_IPSEC [was Re: ipv6 source address selection]
To: None <tech-net@netbsd.org>
From: Geert Hendrickx <ghen@telenet.be>
List: tech-net
Date: 09/27/2007 18:34:13
On Wed, Sep 26, 2007 at 11:50:25PM +0000, Christos Zoulas wrote:
> There were two reasons for not enabling IPSEC in generic.
> 1. performance. It would be nice to have a flag to globally enable or
> disable it, so that the ip path does not slow down a lot when IPSEC is
> enabled but there are no IPSEC policies.
> 2. the crypto/export issues. I don't think that this is an issue anymore.
3. (not really a big issue) it breaks userland IPSec implementations like
for example pkgsrc/net/vpnc.
Geert