[Openswan Users]

panos panos at kamaradata.com
Mon Feb 28 10:57:09 CET 2005 

I tried to install the klips rpm and it needs ipsec-userland.  It is not
included?  I did a quick google... but couldn't find information.
Sounds like it should be part of the rpm.

[root at kirk rpm]# rpm -iv openswan-klips-2.3.0-2.6.9_1.724_FC3_1.i386.rpm
warning: openswan-klips-2.3.0-2.6.9_1.724_FC3_1.i386.rpm: V3 DSA
signature: NOKEY, key ID b7e82df8
error: Failed dependencies:
        ipsec-userland is needed by
openswan-klips-2.3.0-2.6.9_1.724_FC3_1.i386

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Monday, February 28, 2005 10:29 AM
To: panos
Cc: 'Marcus Leech'; users at openswan.org
Subject: RE: [Openswan Users]

On Mon, 28 Feb 2005, panos wrote:

> To use KLIPS wouldn't we have to build a new kernel without the IPSEC
> stuff built in.

You can build both as modules, so you can use the same kernel image.

> What is NETKEY?...

CONFIG_NETKEY is the option for the included IPsec stack in 2.6.
CONFIG_KLIPS
is the option for the openswan IPsec stack for 2.4 and 2.6

Paul

> -----Original Message-----
> From: Marcus Leech [mailto:mleech at nortel.com] 
> Sent: Monday, February 28, 2005 10:14 AM
> To: Paul Wouters
> Cc: panos; users at openswan.org
> Subject: Re: [Openswan Users]
> 
> I'm using FC3 with 2.6.10-1.766 kernel.  I couldn't get KLIPS to work
>   beyond the most superficial definition of "work".  I had to revert
to
>   NETKEY, which has its own problems--like you can only do one
>   cycle of connection up/down, between restarts of OpenSwan. [The
EAGAIN
>   problem we were discussing].
> 
> Paul Wouters wrote:
> 
> > On Mon, 28 Feb 2005, panos wrote:
> >
> >> Basically I am trying to setup a simple tunnel in manual mode.
This
> >> worked on 2.4 kernel (RH9) and openswan-2.2.0.  I am now trying the
> same
> >> config under FC3 openswan-2.3.0 and its not working.
> >
> >
> > Manual keying is very likely broken with Openswan when using NETKEY.
> The
> > most sensible thing is not to use manual keying, but automatic
keying.
> If
> > you really insist on manual keying despite the strong recommendation
> to
> > switch, try using KLIPS instead of NETKEY.
> >
> > Paul
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> >
> >
>

More information about the Users mailing list