[Openswan Users] netkey port for 2.4?
newsgroups at 2thebatcave.com
Thu Dec 8 09:46:14 CET 2005
> Why not use KLIPS instead of NETKEY?
For stability/updates/compatibility I would really like to be able to use
an unpatched kernel. 2.6.14 would be ideal for this I think, however the
pptp pass-through is broken and I don't know when it will be fixed (and I
can't seem to get it to work on many older 2.6 versions I have tried
So the plan is to use 2.6.x as soon as it will work for me. However since
it won't work now, I am stuck using 2.4.x (or a REALLY old 2.6.x, but I
don't want to do that).
I have a lot of machines to maintain, and it would be really nice if
minimal changes in configuration/behaviour were to happen from the 2.4 to
the 2.6 conversion. For example the whole ipsec* interface thing and the
difference in the workings of the leftsourceip parameter (as discussed in
I think it would just be easier to use the same ipsec stac as that would
be one less thing I would have to deal with in the eventual conversion.
Unless there are stability issues with netkey on 2.4 as apposed to klips.
In that case I guess I would go with klips and then just have to deal with
the eventual conversion to netkey on all the machines.
More information about the Users