Microsoft files EU Android complaint

[James Knott]

D. Hugh Redelmeier wrote:
> I don't know much about strongSwan.
>
> I don't even know as much as I'd like to about Libreswan.
>
> Libreswan seems to interoperate with iPhones (I've seen it).  But I
> don't think that that is Opportunistic since iOS uses Raccoon and that
> doesn't do OE.  The tunnels are built on demand, but I think that they
> have to be prearranged.

Though I'm no expert, my impression is the Linux world is moving to 
StrongSWAN for IPSec.  There were a couple of previous attempts, one 
being FreeS/WAN.  I have also used OpenVPN for years and one other (name 
escapes me) prior to that.
>
> Getting Libreswan to interoperate with iOS required supporting another
> few "options": ESP over UDP (to deal with NAT, I think), and IKE
> fragmentation (not standardized; partially documented in a file found
> on a Microsoft server; needed to work around broken firewalls that
> discard (legally) fragmented UDP).  And some other things I don't
> understand.  What a mess.

IPSec supports ESP through NAT, though AH chokes on it.  Of course once 
the move to IPv6 is complete, we can forget about NAT and the problems 
it creates.  At that time, any IPv4 only stuff can be treated as the 
exception, rather than the rule.


>
> |  Might there be something in there that could be called
> | by a VoIP app for encrypting a call?
>
> I don't know.

While it's certainly possible that every app that uses IPSec could "roll 
it's own" support, it's certainly better to have a shared library.  So, 
perhaps a VoIP app that offers IPSec could use that library I 
mentioned.  Or perhaps someone will come up with a shared library that 
everything, including VPNs call on for IPSec support. We'll have to see.

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists