[Openswan Users] KLIPS or NETKEY on 2.6 kernels

Paul Hampson Paul.Hampson at PObox.com
Wed Apr 13 03:27:17 CEST 2005

On Tue, Apr 12, 2005 at 03:50:33PM +0200, Gellér Sándor wrote:
> Hello,

> I have a (maybe lame) question: why is KLIPS getting ported to linux 
> 2.6.x kernels, if openswan already supports NETKEY? I was not able to 
> find any feature comparisions between KLIPS and NETKEY, expect the 
> ipsec* interfaces. If someone can point me to the right direction, I 
> would be thankful!

The first thing that comes to mind is that KLIPS and NETKEY have
incompatible compression.

The first thing I _hit_ is that KLIPS refuses to deal with devices
which share an IP address with other devices, so I went back to
NETKEY, and wrapped my head around ip xfrm instead of applying
iptables to ipsec*.

Paul "TBBle" Hampson, on an alternate email client.

More information about the Users mailing list