[Openswan Users] OpenSwan 1.x -> OpenSwan 2.x migration

Stephen Jones hivemynd at hivemynd.net
Tue Feb 28 11:15:06 CET 2006


Thanks Paul!

It's the "in theory" part that wrinkles my brow ;)  We are a few months 
away from hitting this head-on.  Thanks again for the reply!
-SJ

Paul Wouters wrote:
> On Mon, 27 Feb 2006, Stephen Jones wrote:
> 
> 
>>(a) Is there already a posted "HowTo" for this scenario out there that I just
>>couldn't find?
> 
> 
> I don't think there is one.
> 
> 
>>(b) Is this scenario covered in the recently published "Building and
>>Integrating Virtual Private Networks with Openswan" book?
> 
> 
> It is covered in the book briefly, but there really is not that much to it
> if you keep on the 2.4 linux kernel.
> 
> - remove plutoload= and plutostart= options from ipsec.conf
> - Add as first line "version 2" to ipsec.conf
> - include /etc/ipsec.d/examples/no_oe.conf if not using Opportunistic Encryption
> 
> There are some minor issues that could come up. A change in the order
> of proposals could cause broken connections to certain (too) strict
> ipsec hardware. Perhaps we fixed a bug that an older version you are
> connecting with still has that gets triggered.
> 
> In theory, it shouldn't be a big deal to migrate.
> 
> Paul
> 
> 
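
The three ipsec.conf changes listed in the quoted reply, applied to a constructed 1.x-style file. This is an added example, not code from either poster or from the Openswan project. The function name `migrate_ipsec_conf`, the sample configuration and its addresses are assumptions made for illustration, and it assumes `plutoload=` and `plutostart=` appear as indented options under `config setup`.

```python
import re

NO_OE_INCLUDE = "include /etc/ipsec.d/examples/no_oe.conf"
OBSOLETE = re.compile(r"^\s+(plutoload|plutostart)\s*=")
VERSION = re.compile(r"^version\s+\S+")

# Constructed sample of a 1.x-style ipsec.conf (documentation addresses).
SAMPLE = """\
# /etc/ipsec.conf (constructed sample)
config setup
    interfaces=%defaultroute
    plutoload=%search
    plutostart=%search

conn office
    left=192.0.2.1
    right=198.51.100.1
    auto=start
"""

def migrate_ipsec_conf(text, use_oe=False):
    """Return (new_text, removed_options) for a 1.x-style ipsec.conf."""
    lines = text.splitlines()
    kept, removed, in_setup = [], [], False
    for line in lines:
        stripped = line.strip()
        # A non-indented, non-comment line starts a new section.
        if stripped and not line[0].isspace() and not stripped.startswith("#"):
            in_setup = stripped.split() == ["config", "setup"]
        if in_setup and OBSOLETE.match(line):
            removed.append(stripped)      # step 1: drop plutoload=/plutostart=
            continue
        kept.append(line)
    if not any(VERSION.match(l) for l in kept):
        kept = ["version 2", ""] + kept   # step 2: "version 2" as first line
    if not use_oe and NO_OE_INCLUDE not in (l.strip() for l in kept):
        # step 3: disable Opportunistic Encryption when it is not in use
        kept += ["", "# Opportunistic Encryption not used", NO_OE_INCLUDE]
    return "\n".join(kept) + "\n", removed

if __name__ == "__main__":
    new_text, removed = migrate_ipsec_conf(SAMPLE)
    print(new_text)
    print("removed:", removed)
```

Running it a second time on its own output changes nothing, so it can be used as a check that a file has already been converted.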


