[Openswan Users] Openswan 1.0.0 and RHELv3

Bernd Bartmann Bernd.Bartmann at sohanet.de
Mon Jan 5 00:45:44 CET 2004

Hash: SHA1

Dax Kelson schrieb:
| On Sun, 2004-01-04 at 06:31, Bernd Bartmann wrote:
|>As far as I understand the situation now the backported IPSEC stack from
|>kernel-2.6 is very different from FreeS/WANs KLIPS, i.e. there are no
|>ipsec* network interfaces. So using the backported kernel code instead
|>of KLIPS will break all current installations (updown scripts, firewall
|>scripts, ...) So it would be a lot better to get KLIPS running on the
|>RHES3 kernels.
| I don't believe this is accurate.
| Pluto is the IKE daemon of *swan. The scripts talk to pluto, the scripts
| don't care if the kernel code is klips or 2.6ipsec.

Firewall scripts do care a lot about KLIPS or 2.6ipsec. 2.6ipsec simply
does not provide the ipsec* network devices. ipsec* devices are a alot
easier to handle. You don't have to fiddle with packet marking in
iptables to allow ipsec traffic through your firewall.

| Freeswan and Openswan 2.x use a pluto that works with klips or 2.6ipsec.
| On 2.6 kernels and the RHEL v2.4 kernel I think that klips will be
| history, especially once Openswan v2.1 is released.

This may well be the case. So we need a real good document telling the
people how to convert their setups to the new code.

Best regards.

- --
Dipl.-Ing. (FH) Bernd Bartmann <Bernd.Bartmann at sohanet.de>
I.S. Security and Network Engineer
SoHaNet Technology GmbH / Kaiserin-Augusta-Allee 10-11 / 10553 Berlin
Fon: +49 30 214783-44 / Fax: +49 30 214783-46
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Users mailing list