[Openswan Users] openswan on dedibox

Paul Wouters paul at xelerance.com
Thu Nov 13 19:38:40 EST 2008


On Thu, 13 Nov 2008, Reza Issany wrote:

> Is it better to use KLIPS than NETKEY ?

It's a bit more stable at this point....

> If my problem is a policy error, how could I resolve it ?

I meant to say there are likely some bugs with NETKEY causing policies
to be missing.

Paul

> Reza Issany a écrit :
>> Yes, I use netkey :
>> root at nes:/data/xl2tpd-1.2.3# /etc/init.d/ipsec restart
>> ipsec_setup: Stopping Openswan IPsec...
>> ipsec_setup: Starting Openswan IPsec 2.6.18...
>> ipsec_setup: No KLIPS support found while requested, desperately falling 
>> back to netkey
>> ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf 
>> to avoid attempts to use KLIPS. Attempting to continue with NETKEY
>> 
>> 
>> 
>> Paul Wouters a écrit :
>>> On Thu, 13 Nov 2008, Reza Issany wrote:
>>>
>>> 
>>>> Ok, I've added debug tunnel = yes, I have recompiled the xl2tpd with 
>>>> DFLAGS
>>>> and change the mt and mru.
>>>> 
>>> 
>>> Hmm, didnt give us much more to go on :(
>>> 
>>> Are you using NETKEY? There might be a policy problem there.
>>> 
>>> Paul
>>>
>>> 
>> 
>


More information about the Users mailing list