Re: ipsec suggestions?

Hi Keith,
On Mon, 24 Oct 2005 23:04:05 -0700, Keith Keller wrote:
> --Patch the 2.4 kernel, patch 2.6 with KLIPS, or use 2.6's native ipsec?
I would go for the native 2.6 kernel IPsec implementation with the ported
KAME IPsec tools. The 2.6 implementation is similar to that in *BSD, and
the tools are equal (although OpenBSD does not use racoon). This
implementation is tried & tested, and is the standard IPsec implementation
of the future.
> If it makes any difference, one end of the ipsec tunnel will (likely) be
> an OS X Tiger box. I've seen less documentation on OS X <-> linux
> ipsec, but enough that my options should not be too limited.
IIRC Mac OS X has the KAME IPsec implementation, with the normal KAME
tools. If you use the native 2.6 stack and KAME ipsec tools, configuration
on Mac OS X and Linux will virtually be the same (setting up security
policies with setkey, and making security associations with the racoon IKE
daemon).
-- Daniel
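
Added example, not part of Daniel's message: what the matching setkey policy files on the two ends could look like with the native 2.6 stack on Linux and the KAME tools on Mac OS X. The addresses (RFC 5737 documentation ranges), the host roles and the choice of host-to-host ESP transport mode are assumptions made for illustration.

```conf
# ---- Linux end (constructed address 192.0.2.10) ----
# Load with: setkey -f <this file>
# Inspect the resulting policy database with: setkey -DP

flush;      # clear any existing security associations (SAD)
spdflush;   # clear any existing security policies (SPD)

# Traffic from this host to the peer must be protected with ESP.
spdadd 192.0.2.10 198.51.100.20 any -P out ipsec
    esp/transport//require;

# Traffic from the peer to this host must arrive protected with ESP.
spdadd 198.51.100.20 192.0.2.10 any -P in ipsec
    esp/transport//require;

# ---- Mac OS X end (constructed address 198.51.100.20) ----
# Same statements with the two addresses swapped, so that each
# host's "out" policy matches the other host's "in" policy.

flush;
spdflush;

spdadd 198.51.100.20 192.0.2.10 any -P out ipsec
    esp/transport//require;

spdadd 192.0.2.10 198.51.100.20 any -P in ipsec
    esp/transport//require;

# Neither file contains keys or algorithms. With "require", the
# kernel asks the IKE daemon (racoon) to negotiate the security
# associations when matching traffic first appears, and packets
# that match a policy are not sent or accepted unprotected.
```

If the two files are not exact mirrors of each other, traffic in one direction will not match a policy on the other side, so comparing the `setkey -DP` output on both hosts is a quick first check when the association does not come up.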