[Openswan Users] KLIPS or NETKEY?

Jason Voorhees jvoorhees1 at gmail.com
Sat Jan 26 11:23:09 EST 2008


This is my first post to this list, I hope you can understand me because
my English is not very good yet (i think so).

Well, let's start:

I was reading something about IPSec and Openswan in a good book. I know
there are two major ipsec stacks: KLIPS and NETKET right? The book
recommends using KLIPS but it's not part of the kernel while NETKET does.

I decided to investigate on Google and I found there was a problem using
NETKEY and some packets with DF flag set, right? That made me thing I
should use KLIPS instead because of its better Path MTU Discovery
implementation as I read in the book but...

1. Is that "bug" in NETKEY/Openswan already solved?
2. What IKE daemon should I use? (the book recommends pluto)
3. Should I use KLIPS or NETKEY implementation? Why?

I'm a Debian user and I know there are patches of KLIPS wich I could use
without problems (in debian repositories), but I think it's necessary to
get opinions from people with more experience than me.

Thanks :)

More information about the Users mailing list