[Openswan Users] klips stability & kernel versions

Gary W. Smith gary at primeexalia.com
Fri Jul 7 17:44:06 CEST 2006


You have a very good point here.  I have had the same complaint with the
netfilter group where they would say "It works for me".  When asked what
version they refer the some nightly build last week.  

I think that a lot of people miss that people use these in controller
production environments where this isn't practical or possible to keep
changing kernels every day.

Anyway, it would be nice for the builders to also include the kernel for
which it was built/tested on.

> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]
> Behalf Of Chris Haumesser
> Sent: Friday, July 07, 2006 3:57 PM
> To: users at openswan.org
> Subject: [Openswan Users] klips stability & kernel versions
> Hi everyone,
> I've been having some mixed results getting openswan working in my
> environment.
> When I started this project, there were some limitations in the NETKEY
> implementation that led me to use KLIPS instead.
> Now I suspect that KLIPS is causing other networking problems with the
> kernel(s) I'm using.  On two different pieces of hardware now, I've
> experienced serious problems with iptables (forks hundreds of
> until the system runs out of RAM), tcpdump, and other standard
> networking utilities.  I have tried,, and a handful
> of other kernels.  The patches apply cleanly and the kernels compile
> cleanly.
> So my questions:
> What 2.6-series kernel do OpenSwan developers actually use for KLIPS
> testing?  Is there a "recommended" or "known-to-play-nice-with"
> Has anyone seen this type of anomalous behavior with iptables and
> network tools?  Is there something I'm missing?
> Thanks.
> -C-
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:

More information about the Users mailing list