[Openswan Users] netkey port for 2.4?

Nick newsgroups at 2thebatcave.com
Thu Dec 8 09:46:14 CET 2005

> Why not use KLIPS instead of NETKEY?

For stability/updates/compatibility I would really like to be able to use
an unpatched kernel.  2.6.14 would be ideal for this I think, however the
pptp pass-through is broken and I don't know when it will be fixed (and I
can't seem to get it to work on many older 2.6 versions I have tried

So the plan is to use 2.6.x as soon as it will work for me.  However since
it won't work now, I am stuck using 2.4.x (or a REALLY old 2.6.x, but I
don't want to do that).

I have a lot of machines to maintain, and it would be really nice if
minimal changes in configuration/behaviour were to happen from the 2.4 to
the 2.6 conversion.  For example the whole ipsec* interface thing and the
difference in the workings of the leftsourceip parameter (as discussed in
another thread).

I think it would just be easier to use the same ipsec stac as that would
be one less thing I would have to deal with in the eventual conversion.

Unless there are stability issues with netkey on 2.4 as apposed to klips. 
In that case I guess I would go with klips and then just have to deal with
the eventual conversion to netkey on all the machines.

More information about the Users mailing list