[Openswan Users] NETKEY or ipsec interfaces
Marco Berizzi
pupilla at hotmail.com
Tue May 23 11:12:55 CEST 2006
Tomasz Grzelak wrote:
>Marco Berizzi wrote:
>>Tomasz Grzelak wrote:
>
>>>What are adventages and disadventages of both methods?
>>
>>
>>The only advantage for netkey is that you don't need to
>>patch the kernel. Netkey also supports ipv6. KLIPS have
>>virtual interfaces, netkey doesn't.
>>
>
>ok, thank you for info. But are there any disadvantages? I mean, does KLIPS
>have anything that NETKEY does not?
KLIPS have virtual interfaces, netkey doesn't.
netkey + iptables 1.3.5 supports 'policy match',
which allow you to filter/nat traffic inside
tunnels as you do with klips virtual interface.
More information about the Users
mailing list