[Openswan Users] Openswan 1.0.0 and RHELv3

Dax Kelson dax at gurulabs.com
Sun Jan 4 16:39:05 CET 2004


On Sun, 2004-01-04 at 06:31, Bernd Bartmann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Dax Kelson schrieb:
> | The ideal approach from a maintenance perspective, would be to use the
> | stock/in-kernel IPSec code with the Openswan userland. That seems to be
> | the plan for Openswan v2.10 due out within 3 months.
> 
> As far as I understand the situation now the backported IPSEC stack from
> kernel-2.6 is very different from FreeS/WANs KLIPS, i.e. there are no
> ipsec* network interfaces. So using the backported kernel code instead
> of KLIPS will break all current installations (updown scripts, firewall
> scripts, ...) So it would be a lot better to get KLIPS running on the
> RHES3 kernels.

I don't believe this is accurate.

Pluto is the IKE daemon of *swan. The scripts talk to pluto, the scripts
don't care if the kernel code is klips or 2.6ipsec.

Freeswan and Openswan 2.x use a pluto that works with klips or 2.6ipsec.

On 2.6 kernels and the RHEL v2.4 kernel I think that klips will be
history, especially once Openswan v2.1 is released.

Dax Kelson
Guru Labs



More information about the Users mailing list