[Openswan Users] KLIPS message dmesg
Paul Wouters
paul at xelerance.com
Thu Nov 2 17:49:50 EST 2006
On Thu, 2 Nov 2006, André Marascalchi Zenun wrote:
> Paul sorry for my lack of knowledge about IPSec but I really don't know
> much about KLIPS and NETKEY! I was searching in the google and see that
> KLIPS and NETKEY are incompatible but I don't know witch is better and
> how can I disable NETKEY!
> >> CONFIG_XFRM=y
> >> CONFIG_XFRM_USER=y
> >> CONFIG_NET_KEY=y
> >> CONFIG_INET_AH=y
> >> CONFIG_INET_ESP=y
> >> CONFIG_INET_IPCOMP=y
> >> CONFIG_INET_XFRM_TUNNEL=y
> >> CONFIG_INET_TUNNEL=y
> >> CONFIG_INET_XFRM_MODE_TUNNEL=y
> >> CONFIG_INET_XFRM_MODE_TRANSPORT=y
Disable all of the above.
> >> CONFIG_KLIPS_ESP=y
> >> CONFIG_KLIPS_AH=y
> >> CONFIG_KLIPS_AUTH_HMAC_MD5=y
> >> CONFIG_KLIPS_AUTH_HMAC_SHA1=y
> >> CONFIG_KLIPS_ENC_CRYPTOAPI=y
> >> CONFIG_KLIPS_ENC_1DES=y
> >> CONFIG_KLIPS_ENC_3DES=y
> >> CONFIG_KLIPS_ENC_AES=y
> >> CONFIG_KLIPS_ENC_NULL=y
> >> CONFIG_KLIPS_IPCOMP=y
> >> CONFIG_KLIPS_DEBUG=y
Leave all of these on, except CONFIG_KLIPS_ENC_NULL - turn null encryption
off as well.
I am still confused why your openswan didnt refuse to start though. I will
have to test this myself on a kernel.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list