[Openswan Users] OpenSwan 1.x -> OpenSwan 2.x migration

Paul Wouters paul at xelerance.com
Tue Feb 28 01:32:35 CET 2006


On Mon, 27 Feb 2006, Stephen Jones wrote:

> (a) Is there already a posted "HowTo" for this scenario out there that I just
> couldn't find?

I don't think there is one.

> (b) Is this scenario covered in the recently published "Building and
> Integrating Virtual Private Networks with Openswan" book?

It is covered in the book briefly, but there really is not that much to it
if you keep on the 2.4 linux kernel.

- remove plutoload= and plutostart= options from ipsec.conf
- Ad as first line "version 2" to ipsec.conf
- include /etc/ipsec.d/examples/no_oe.conf if not using Opportunistic Encryption

There are some minor issues that could come up. A change in the order
of proposals could cause broken connections to certain (too) strict
ipsec hardware. Perhaps we fixed a bug that an older version you are
connecting with still has that gets triggered.

In theory, it shouldn't be a big deal to migrate.

Paul


More information about the Users mailing list