[Openswan Users] Re-2: Upgrade question

Paul Wouters paul at xelerance.com
Thu Dec 21 08:12:20 EST 2006

On Wed, 20 Dec 2006, Ludovic MARCILLY wrote:

> sorry to use only your email address but i can't send mail to users at openswan.org. I don't know why but it fails. I have tried to create another account width an other email address but i don't have received confirmation mail...

I noticed the problem. For now, use users at lists.openswan.org.

> So, i just want to know ont thing and perhaps you can help me. I've got a script to compile openswan and kernel width v1.0.7 of openswan.

openswan-1 is no longer supported, it is End Of Life. You should use 1.0.10
if anything, and even that has some risks.

> I have already try applying the klips patch before kernel compilation. I have some options but not for example blowfish algorithm. And when i try to run ipsec, it return errors like "ipsec_setup: /usr/libexec/ipsec/klipsdebug: Trouble opening PF_KEY family socket with error: Algorithm support not available in the kernel. Please compile in support."
> Do you have any idea about this problem?

openswan-1 cannot use all ciphers/algos. Only 3des/aes is guaranteed to work
for IKE and ESP.


More information about the Users mailing list