[Openswan Users] NETKEY vs KLIPS on a 2.6 kernel

[Randy B]

I know the standard answer is to research, but I don't mind saying it
again - I had the same question and don't mind giving my newfound view
on it.  The pro of one is the con of another, and I call 'em as I see
'em - which is wrong as often as not.

The primary pro of KLIPS is 'simplified' routing - control freaks (like
me) are given a definitive (albeit virtual) interface that can be very
simply routed, firewalled, etc.

The primary pro of NETKEY is that it's in the vanilla kernel - most
distro vendors will thus stand firmly (if ignorantly) stand behind it
and call it supported.

AFAICT, it's mostly preference - there are tools available to do just
about everything in NETKEY that you would want to do in KLIPS, it's just
that NETKEY is kernel-default.  KLIPS seems to have been kept around to
maintain compatibility for those who need it for scripts or other *things*.

Now, who's going to be the first to show me I'm wrong?  ;-)

RB