[Openswan Users] Openswan 1.0.0 and RHELv3

Bernd Bartmann Bernd.Bartmann at sohanet.de
Sun Jan 4 14:31:07 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dax Kelson schrieb:
| The ideal approach from a maintenance perspective, would be to use the
| stock/in-kernel IPSec code with the Openswan userland. That seems to be
| the plan for Openswan v2.10 due out within 3 months.

As far as I understand the situation now the backported IPSEC stack from
kernel-2.6 is very different from FreeS/WANs KLIPS, i.e. there are no
ipsec* network interfaces. So using the backported kernel code instead
of KLIPS will break all current installations (updown scripts, firewall
scripts, ...) So it would be a lot better to get KLIPS running on the
RHES3 kernels.

| While waiting for Openswan v2.10 I've resigned myself to using/building
| a RHELv3 kernel plus Openswan v1.0.0. I plan on doing that today if I
| get the time. I suspect I'll need to pull out the in kernel IPSec and
| maybe USAGI (if it's in there). I want it fully RPM packaged for
| maintenance reasons.

If you have something to test, please let me know.

Best regards.

- --
Dipl.-Ing. (FH) Bernd Bartmann <Bernd.Bartmann at sohanet.de>
I.S. Security and Network Engineer
SoHaNet Technology GmbH / Kaiserin-Augusta-Allee 10-11 / 10553 Berlin
Fon: +49 30 214783-44 / Fax: +49 30 214783-46
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/+BWbkQuIaHu84cIRAuPwAJ45HjHONUmcT5Xzk+6AMf1AoY8CUQCgis3l
215PG17C8aMsn8wTxERBhTU=
=RsSZ
-----END PGP SIGNATURE-----



More information about the Users mailing list