[Openswan Users] 2.6 Native stack & routing

Lewis Shobbrook lshobbrook at fasttrack.net.au
Tue Jun 8 16:41:10 CEST 2004


Hi All,
I have a couple of questions I'm hoping some of you can answer regarding
IPSEC routing in the 2.6 kernel stack.

I'm planning to upgrade the existing FreeSwan servers to openswan so I
can update the kernel etc.  I've been testing Openswan 2.1.2 on the
Debian unstable 2.6.5 kernel IPSEC stack.  I can establish SA between
openswan and a 1.98b on 2.4.18 (at least 1.98b thinks so) but no routes
appear in the routing tables of either machine.  I've noted it mentioned
that the 2.6 stack doesn't use virtual interfaces such as ipsec0.  
How does IPSEC work in this scenario? 
Does the 2.6 stack hook into all packets destined to the ipsec tunnel
endpoint and encrypt them?

Regardless, I can't see how this will work at the 1.98b end...

Is there any way of making a backward compatible connection from a 2.6.5
Native IPSEC/openswan 2.1.2 combination with older fswan versions?

Finally one last question for the weary reader, has anyone been able to
successfully get WinXP NAT-T working with 2.6 native stack and L2TP/
ipsec openswan 2.1.2 using x509 certs?  If so could you please post
relevant parts of your ipsec.conf?

Cheers,

Lewis Shobbrook

