[Openswan Users] klips stability & kernel versions

Chris Haumesser chris at osafoundation.org
Fri Jul 7 16:57:04 CEST 2006

Hi everyone,

I've been having some mixed results getting openswan working in my

When I started this project, there were some limitations in the NETKEY
implementation that led me to use KLIPS instead.

Now I suspect that KLIPS is causing other networking problems with the
kernel(s) I'm using.  On two different pieces of hardware now, I've
experienced serious problems with iptables (forks hundreds of processes
until the system runs out of RAM), tcpdump, and other standard
networking utilities.  I have tried,, and a handful
of other kernels.  The patches apply cleanly and the kernels compile

So my questions:

What 2.6-series kernel do OpenSwan developers actually use for KLIPS
testing?  Is there a "recommended" or "known-to-play-nice-with" version?

Has anyone seen this type of anomalous behavior with iptables and other
network tools?  Is there something I'm missing?



More information about the Users mailing list