[Openswan Users] Best option for virtual interface
Nate Carlson
natecars at natecarlson.com
Wed Jan 19 13:57:37 CET 2005
On Wed, 19 Jan 2005, Rosander wrote:
> What is the best option for being able to create and use a virtual
> interface such as ipsec0 w/ a 2.6. kernel? I'm looking for general
> opinions. Much of it has to do with management and rate tracking.
With Openswan 2.3.0, there is experimental support for the KLIPS stack
(provides the ipsec0 interface) on 2.6 kernels (even if they have the
26sec stack enabled.) There are, however, a few caveats:
1) NAT Traversal will not work. The NAT-T structure in the kernel has
changed with 2.4/2.6, and the KLIPS code has not been updated to deal with
it yet.
2) 2.3.0 has some nasty bugs; wait until 2.3.1 comes out for production
systems. :)
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
More information about the Users
mailing list