Novell-SUSE Sponsors Openswan
hsjones writes "Concerned about the demise of FreeS/WAN? Well, looks like Openswan is going to be a good, strong open source IPsec project going forward. Novell and SUSE have jumped in with Astaro to back the project and move it along. See the press release. The Openswan project is at http://www.openswan.org. SUSE Linux and Astaro Security Linux both use FreeS/WAN in their current releases. It will be very interesting to watch what they do now with Openswan!"
SUSE (Score:3, Interesting)
and ? (Score:4, Interesting)
I have never tried SWAN because OpenVPN is so easy.
Are there any compelling reasons to try it?
Why? (Score:5, Interesting)
Re:Why? (Score:2, Interesting)
Re:and ? (Score:5, Interesting)
x509 is certs, right? OpenVPN can do 'em. nat-t? OpenVPN doesn't need that kludge. It uses one port that can be redirected through multiple NATs if need be. Dead peer detection? OpenVPN is self healing. Link goes down, comes back up and OpenVPN reconnects.
Now before I get too carried away, I don't know shit about vpn, but SWAN looks like a bitch (based on my IPCop machine) and OpenVPN is very easy.
Re:and ? (Score:2, Interesting)
This is one area where I think one of the commercial distributions could easily differentiate themselves from the pack, but no signs of it yet.
Re:Why? (Score:3, Interesting)
Look at the recent posts on the netfilter lists, for instance - doing secure firewalling with 26sec is still a real pain. There's a set of 6 patches now, but they aren't integrated into the kernel yet, and some may not be for some time.
Also, there are some network configurations that work fine under 2.4/Openswan, but will not work at all in 2.6. One of these configs I use daily (subnet extrusion), so I've been unable to update any of my production machines to the new stack, even though I'm one of the Openswan developers.
I hope to see about solving some of this at LinuxTag in a few days, since there will be a large contingent of developers present, and putting the right people in a room together gets things resolved very quickly.
Ken
Re:Novell fumbled the ball - again and again... (Score:3, Interesting)
TCP/IP is fundamentally designed to let anybody in, very routable and hardly securable. It's essentially a difference between private roads and public roads.
Just on the basis of where Novell is coming from, I'd expect a Linux coming from Novell to be somehow much more "business-friendly". Just a different bias in setting various tweaks and configurations would be enough.
Re:Novell's Commitment to Free Software (Score:4, Interesting)
Look, we all know which company you're thinking of, and I'm telling you you're completely misinformed. Can you please let me know some of the supposed closed programs this evil company is distributing, because the last time I checked it was all open source. Somehow the bashers always forget this detail...
This is the company that is afraid to include mp3 support for being non-free, right? The company that pays Alan Cox, Arjan van de Ven, Dave Jones, Jeff Garzik, Warren Togami, Roland McGrath, Guy Streeter and many more to hack the kernel? In fact, if I'm not mistaken this company has more kernel hackers than IBM and Novell combined (read a kernel changelog lately)? I'd list some GNOME developers that work for this beast of a company, but let's just say outside Ximian they're the #1 employer here as well (*cough* Havoc Pennington, Alexandre Oliva *cough*). And all that money and effort they pour into Freedesktop.org and X.org, that's just to lock you in, right?
That company? Am I forgetting something... ? Oh yeah, they pretty much alone funded NPTL development for 2.6, backported it to 2.4 not only for their paying customers but their free version too. I guess they're pretty much the de facto maintainers of GCC and glibc these days too, but other than that, what have they ever given us?
Re:and ? (Score:2, Interesting)
Re:Novell's Commitment to Free Software (Score:1, Interesting)
1. The n00b. Red Hat = MS. This person doesn't let the facts get in the way of a good argument. He's running Linux 'cause it's the l33t thing to do. Listen sonny, I was installing Slackware from disksets from the local BBS when you were a twinkle in your daddy's eye. Between then and now the community, and I myself, have written a shitload of code so that I and you don't have to do things the hard way anymore to be l33t. I've got actual work to do now on Linux, get this, not in fact related to Linux at all.
2. The rabid KDE zealot (a minority in the KDE community). Red Hat will go KDE, oh, right about when the Sun goes Nova. They hate RH and Ximian for basically keeping GNOME alive no matter what might come.
3. The distro zealot. "My distro makes me feel like a productive community member, because I've got GCC compiling 24/7... not that I know what any of the output means...". Curiously you never, ever see these distro makers posting on the Linux kernel mailing list, or contributing to any core project outside their own little package management tools.
KAME has problems (Score:3, Interesting)
KAME also has problems with netfilter; specifically it doesn't work with all NAT rules, which are VERY common on ipsec gateways. It also doesn't work at the interface level, so many of the advanced routing tools don't work like you'd expect (try using tc with it, on an interface level...).
I don't know why 2.6 and the Linux ipsec-tools project standardized on KAME. It may be from BSD, but we already have better userland tools, and they already (mostly) work with the new 2.6 ipsec interfaces. Hopefully these tools will get better with time, but right now pluto/openswan are simply more mature, stable and just plain better.
Re:Novell's Commitment to Free Software (Score:3, Interesting)
Novell, on the other hand, had built a (at one time) very successful business around proprietary software. It's a huge culture shift for them. Not that they were ever the "evil empire" type of company, but they were certainly not making money on Free Software.
I have so much more to say about this, actually, that I can't say in a public forum. Suffice to say, I never had the opportunity to work with Novell in its former heyday, but today they are one of the most accommodating, ethical, and sensible companies I have ever dealt with. They have a true understanding of what "customer service" means, and it reflects very well on them. Additionally - only from personal experience, mind you - I could say all the opposite things about my experiences with Red Hat. (If you'd like more insights about this, privately, please feel free to e-mail at the address above.)
So, here's what I'm getting at - I, personally, have decided to do business with Novell instead of Red Hat, for reasons that have nothing to do with Free Software ideology. That said, I was very concerned about Novell's level of commitment to Free Software, but their recent actions have quelled those fears. I appreciate Red Hat's work, their staff, and the company's contribution to Free Software - but that was never really in question.
One more thing (really a side note) - your list of kernel developers piqued my interest. I never realized that Jeff Garzik was working at Red Hat or was coding kernels. I read your list, and went, "Hey! I know Jeff Garzik! He's at Red Hat? Cool!" I went to college with Jeff at Georgia Tech back in the 90's, and I always wondered what he was up to. He was such a brilliant coder and SA, I'm glad to see he's doing well for himself. In fact, at one point, we did a really great Star Wars [google.com] parody. Heh heh heh
Re:patents hurt openswan (Score:1, Interesting)
I thought the former was possible, but the latter was not (yet) there?
Re:OpenVPN is an excellent alternative to IPSec... (Score:2, Interesting)
With those hardware companies moving to Linux as a platform (CyberGuard, BorderWare, Stonesoft, Astaro and others already there -- many more moving), this is a good move for Novell to make SuSE Linux more attractive to those guys.