[Openswan Users] OpenSwan 1.x -> OpenSwan 2.x migration
Stephen Jones
hivemynd at hivemynd.net
Tue Feb 28 11:15:06 CET 2006
Thanks Paul!
It's the "in theory" part that wrinkles my brow ;) We are a few months
away from hitting this head-on. Thanks again for the reply!
-SJ
Paul Wouters wrote:
> On Mon, 27 Feb 2006, Stephen Jones wrote:
>
>
>>(a) Is there already a posted "HowTo" for this scenario out there that I just
>>couldn't find?
>
>
> I don't think there is one.
>
>
>>(b) Is this scenario covered in the recently published "Building and
>>Integrating Virtual Private Networks with Openswan" book?
>
>
> It is covered in the book briefly, but there really is not that much to it
> if you keep on the 2.4 linux kernel.
>
> - remove plutoload= and plutostart= options from ipsec.conf
> - Add as first line "version 2" to ipsec.conf
> - include /etc/ipsec.d/examples/no_oe.conf if not using Opportunistic Encryption
>
> There are some minor issues that could come up. A change in the order
> of proposals could cause broken connections to certain (too) strict
> ipsec hardware. Perhaps we fixed a bug that an older version you are
> connecting with still has that gets triggered.
>
> In theory, it shouldn't be a big deal to migrate.
>
> Paul
>
>
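
The three steps from Paul's list, as an added example that is not part of the original thread and not Openswan's own tooling: a Python function that rewrites the text of a 1.x-style ipsec.conf and reports which settings it dropped so they can be reviewed. The function name, the `uses_oe` flag and the sample configuration are assumptions made for illustration.

```python
import re

# Include line named in the thread for setups without Opportunistic Encryption.
NO_OE_INCLUDE = "include /etc/ipsec.d/examples/no_oe.conf"
# Active (indented, not commented out) plutoload= / plutostart= settings.
_OBSOLETE = re.compile(r"^\s+(plutoload|plutostart)\s*=")
_VERSION = re.compile(r"^version\s+2")

def migrate_ipsec_conf(text, uses_oe=False):
    """Apply the three steps to ipsec.conf text.

    Returns (new_text, removed), where removed lists the dropped settings
    so the operator can review what each one used to control.
    Running it again on its own output changes nothing.
    """
    kept, removed = [], []
    for line in text.splitlines():
        if _OBSOLETE.match(line):
            removed.append(line.strip())   # step 1: drop plutoload=/plutostart=
        else:
            kept.append(line)
    if not kept or not _VERSION.match(kept[0]):
        kept.insert(0, "version 2")        # step 2: must be the first line
    has_include = any(l.strip() == NO_OE_INCLUDE for l in kept)
    if not uses_oe and not has_include:
        kept.extend(["", NO_OE_INCLUDE])   # step 3: only when OE is not used
    return "\n".join(kept) + "\n", removed

# Constructed sample input (documentation addresses, hypothetical conn name).
SAMPLE_1X = (
    "config setup\n"
    "\tinterfaces=%defaultroute\n"
    "\t# plutoload=%search (commented out, left alone)\n"
    "\tplutoload=%search\n"
    "\tplutostart=%search\n"
    "\n"
    "conn office\n"
    "\tleft=192.0.2.1\n"
    "\tright=198.51.100.1\n"
    "\tauto=start\n"
)

if __name__ == "__main__":
    new_text, removed = migrate_ipsec_conf(SAMPLE_1X)
    print(new_text, end="")
    print("removed:", removed)
```

Write the result to a copy of the file and compare it with the original before replacing it.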