[Openswan Users] OpenSwan 1.x -> OpenSwan 2.x migration
Paul Wouters
paul at xelerance.com
Tue Feb 28 01:32:35 CET 2006
On Mon, 27 Feb 2006, Stephen Jones wrote:
> (a) Is there already a posted "HowTo" for this scenario out there that I just
> couldn't find?
I don't think there is one.
> (b) Is this scenario covered in the recently published "Building and
> Integrating Virtual Private Networks with Openswan" book?
It is covered in the book briefly, but there really is not that much to it
if you keep on the 2.4 linux kernel.
- remove plutoload= and plutostart= options from ipsec.conf
- Ad as first line "version 2" to ipsec.conf
- include /etc/ipsec.d/examples/no_oe.conf if not using Opportunistic Encryption
There are some minor issues that could come up. A change in the order
of proposals could cause broken connections to certain (too) strict
ipsec hardware. Perhaps we fixed a bug that an older version you are
connecting with still has that gets triggered.
In theory, it shouldn't be a big deal to migrate.
Paul
More information about the Users
mailing list