[Openswan Users] Help! for manual keying the open swan 2.4.7 - KLIPS

Paul Wouters paul at xelerance.com
Thu Feb 15 12:19:04 EST 2007


On Thu, 15 Feb 2007, phani.kancharla at oneconvergence.com wrote:

>  I am new to IPSec. I can able to use the native (netkey) IPSec in Linux
> 2.6.16.13 but facing problem with KLIPS.
> I have the following doubts regarding usage of KLIPS:
> 1. Can we use setkey for manual keying?? if not, is there any other way for the
> same.

No. the setkey tool is for the KAME setup, not Openswan. KLIPS is the
Openswan stack. Openswan userland can use both KLIPS and NETKEY (kame),
but the kame tools cannot use KLIPS.

> 2. How to write the polices and SAs in the case of manual keying??

man ipsec.conf. See the section about manual keying. and see the command
ipsec manual --help.

As a side note. No one should be using manual keying ever.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list