[Openswan Users] KLIPS or NETKEY on 2.6 kernels
Paul Hampson
Paul.Hampson at PObox.com
Wed Apr 13 03:27:17 CEST 2005
On Tue, Apr 12, 2005 at 03:50:33PM +0200, Gellér Sándor wrote:
> Hello,
> I have a (maybe lame) question: why is KLIPS getting ported to linux
> 2.6.x kernels, if openswan already supports NETKEY? I was not able to
> find any feature comparisions between KLIPS and NETKEY, expect the
> ipsec* interfaces. If someone can point me to the right direction, I
> would be thankful!
The first thing that comes to mind is that KLIPS and NETKEY have
incompatible compression.
The first thing I _hit_ is that KLIPS refuses to deal with devices
which share an IP address with other devices, so I went back to
NETKEY, and wrapped my head around ip xfrm instead of applying
iptables to ipsec*.
--
Paul "TBBle" Hampson, on an alternate email client.
More information about the Users
mailing list