[Openswan Users] klips stability & kernel versions

[Chris Haumesser]

Hi everyone,

I've been having some mixed results getting openswan working in my
environment. 

When I started this project, there were some limitations in the NETKEY
implementation that led me to use KLIPS instead.

Now I suspect that KLIPS is causing other networking problems with the
kernel(s) I'm using.  On two different pieces of hardware now, I've
experienced serious problems with iptables (forks hundreds of processes
until the system runs out of RAM), tcpdump, and other standard
networking utilities.  I have tried 2.6.16.21, 2.6.15.4, and a handful
of other kernels.  The patches apply cleanly and the kernels compile
cleanly.

So my questions:

What 2.6-series kernel do OpenSwan developers actually use for KLIPS
testing?  Is there a "recommended" or "known-to-play-nice-with" version?

Has anyone seen this type of anomalous behavior with iptables and other
network tools?  Is there something I'm missing?

Thanks.


-C-