[Openswan Users] Kernel option for default boot to KLIPS in place of NETKEY

Paul Wouters paul at xelerance.com
Sat Jun 14 15:27:08 EDT 2008

> I tried to setup two servers running Openswan 2.4.12 with the following :-



> For gateway# 1, it boots to KLIPS (by using ipsec --version) that is I
> want it to be. My problem is that gateway #2 always boot to NETKEY. I
> hope someone to advise what determine if the gateways boot to KLIPS or
> NETKEY? How to set the kernel options so that the gateway always boot to
> KLIPS instead of NETKEY?

For openswan 2.4.x, it works like this:

1 check if we have KLIPS (built inline)
2 check if we have NETKEY (built inline)
3 try modprobe'ing KLIPS and see if we have KLIPS module
3 try modprobe'ing NETKEY and see if we have NETKEY module
4 abort with fail

for openswan 2.6.x, there is a config option protostack= you can set.


without the protostack option, it falls back to 2.4.x behaviour.

For you it looks like KLIPS on the second box is failing, and therefor
it falls back to netkey.


More information about the Users mailing list