[Openswan dev] Openswan/klips vs. snmpd [Was: Re: [debian-openswan] System hangs with OpenS/WAN]

Herbert Xu herbert at gondor.apana.org.au
Thu Jul 29 10:14:43 CEST 2004

> On Wed, 28 Jul 2004, Christoph Haas wrote:
>> Yes. I had bad experiences with the built-in IPSec implementation (via
>> the netfilter module) and wanted to have tools like "ipsec eroute" to
>> control (and view) the tunnels. The kernel IPSec has hidden so much that
>> I never knew where I should look for configuration problems. This may
>> have changed since I last checked.
User-Agent: tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.26-1-686-smp (i686))

There are definitely issues which still need to be resolved with the 26sec
stack.  But this is not one of them.  You can look at the policies (aka
eroutes) using setkey -PD and manipulate them using setkey.

Future versions of ip(8) will also allow you to do this via ip xfrm policy.

Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

More information about the Dev mailing list