[Openswan Users] Debian 2.4.26 and Openswan 2.1.3

Paul Wouters paul at xelerance.com
Mon Sep 13 15:46:51 CEST 2004


On Mon, 13 Sep 2004 t.henneberger at hcs-computer.de wrote:

> I was told that Kernel 2.4 would be a good idea as Klips is the better
> known solution and works just fine. I was also told that I don't have
> to touch the Kernel if I use a Debian 2.4.26 as it has native IPSec.

If Debian's 2.4 kernels have the backport code, then you will have to
compile your own kernel from a 'vanilla' source, or figure out which
patch the Debian people do to the kernel, and perhaps you can skip the
backport patch.

> This is where my trouble begins. If 2.4.26 has backported IPSec, I can't
> use Klips, but have to use Setkey, right?

Don't call the non-klips stack 'setkey'. Setkey is a binary used to query and
set policies for the native ipsec stack. If the backport is in the code, you
can not yet patch klips in. I hope that once klips on 2.6 works properly, we
can also patch it in any backport 2.4 stack.

> /ipsec verify returns that Ipsec native is installed and that setkey is ok.

ipsec --version gives a better report on which versions and stacks are used,
but if setkey is checked, then the native stack is loaded.

> I would like to use Klips as it is better documented, and because the Ipsec-Tools
> for Windows use the same syntax for the configuration.

Then either compile your own Linux kernel from vanilla sources (eg LinuS), or
figure out how to un-do the backport patch to the kernel from the Debian kernel
build system. (I am not that familiar with Debian)

Paul

