[Openswan Users] Questions from a beginner ;)

David Clymer dclyme at hrcsb.org
Fri Aug 20 10:18:54 CEST 2004 

Thus quoth Thomas Henneberger:
> To: users at openswan.org
> From: Thomas Henneberger <T.Henneberger at Hcs-Computer.de>
> Subject: [Openswan Users] Questions from a beginner ;)
> 
> Hello list
> 
> The first decision I have to make is what Distribution and Kernel to 
> use. According to some docs
> I read I could use a 2.6 Kernel with the internal IpSec-stack and just 
> install the Userland-Tools, other docs tell me that using a 2.6 Kernel 
> could make problems with Klips and the internal Ipsec stack. Some people 
> told me to use a 2.4 Kernel and stick with Klips. Nate Carlson writes 
> that a 2.4. Debian should work fine without touching the Kernel.
> All that got me confused ;)
> 

Openswan will work with both, so whichever you choose will work just
fine. However, one noticable difference between the two, is that, when
you set up a VPN with KLIPS, you "see" the unencrypted traffic come in 
on its own interface (called ipsec0, ipsec1, etc, depending on how many
you've set up). This is not the case with the "native" kernel code. If
you are planning to set up firewall rules on this box, you may find it
useful to have an ipsec interface for use in categorizing or
differentiating traffic which comes in on the VPN from unencrypted (and
less trusted?) traffic which is recieved on your ethernet interface.

> I decided to give this a try on a 9.1 Suse with a 2.6.5 Kernel, and it 
> didn t work (ipsec verify returned no ipsec in kernel activated). I 
> talked to a friend of mine (who knows a lot more about Linux then me) 
> and he told me to use Debain instead.

Use whatever distribution you are most comfortable with. Of course, if
you arent very familiar with any particular distribution yet, and your
friend is going to play a significant role in helping you setup and/or
administer this box, it may be a good idea to use the distro he prefers
and get comfortable with it. I'm of the opinion that debian is a top
notch distro :o)

> 
> So, my questions:
> What distribution and kernel should I use? Please bear in mind that I am 
> no Linux-Professional. I am willing to learn and read, but I need a good 
> documentation !!! (I don?t think I could work with a sparsely documented 
> developers release)

well, general documentation is abundant, but I often find that when I
have a specific problem, I cant find documentation on it ;o)  

-davidc

More information about the Users mailing list