[Openswan Users] KLIPS on debian with 2.6 kernel?

Peter McGill petermcgill at goco.net
Fri Sep 26 09:40:08 EDT 2008


There is an option now in ipsec.conf.
config setup # section
	protostack=klips # or netkey

It is supposed to select which IPSec stack to use.

Although the best method is probably to compile a
custom kernel with KLIPS and without NETKEY.
This is what I have done. There was a good tutorial,
with all the kernel options you need to select and
unselect, but I can't find it. I'll check again when
I get to the office.


Nick Abbey wrote:
> Hello World!
> I'm new to openSwan, I got started with dd-wrt, but that was seeming
> like I was breaking new ground, due to the lack of documentation (and
> documented success stories!).  Finally I realized that installing to a
> linux distro first to verify that everything would work would be a
> better idea than plugging along with the router install.  Plus it would
> give me a reference to compare the dd-wrt install to.  Plus, I'm pretty 
> sure I'm going to have to build a custom wrt image to get this all 
> working, and that's best done in linux.
> So here I am.  I grabbed the latest debian, 4.04ra and installed to a 
> VMware box.  It's up and running great.  I'm able to use apt to install 
> openSwan.  I know the IPSEC implementation in Debian with kernel 2.6 is 
> NETKEY.  But I'm not going to be able to use that on my dd-wrt box.  
> That distro is on kernel 2.4 so I'll have to use KLIPS.
> I'm reading "Building And Integrating Virtual Private Networks With 
> Openswan" and there are plenty of instructions on building KLIPS from 
> source, which I'm sure I can handle.  I'm not a noob but haven't 
> actually compiled anything under Linux in a while.  Anyway, the point is 
> that I want to know - if I compile a KLIPS module and load it up, how 
> can I make sure that openSwan uses it instead of the NETKEY 
> implementation?  Also, since IPV6 is built in to this kernel, will I 
> have issues using KLIPS?  I know I can patch in the IPV6 support, but 
> remember that this is supposed to be a reference platform for the wrt box,
> where I will be on IPv4.  To complicate matters, the intended endpoint
> host is an iPhone, which is also IPv4.  It SHOULD be ok for my iPhone to
> connect to my linux box due to backwards compatibility of IPv6.  Notice
> the stress on "SHOULD".  :)  So what's my best bet?
> I'm thinking...  Custom Kernel with IPv4 and KLIPS built in. 
> Any advice on the feasibility of this, plus caveats or pitfalls to avoid
> would be GREATLY appreciated.
> Thanks!
> Nick
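An added example, not part of the original thread or of Openswan itself: a shell check that reads the protostack= value from config setup, as shown in the reply, and compares it with the stack the running kernel exposes. It assumes KLIPS shows up as /proc/net/ipsec_eroute and NETKEY as /proc/net/pfkey; the function names and the fixture built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the demo fixture are constructed.

# Print protostack= from the "config setup" section of an ipsec.conf ($1).
configured_stack() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        /^config[ \t]+setup[ \t]*$/ { in_setup = 1; next }
        /^(config|conn)[ \t]/ { in_setup = 0 }      # another section starts
        in_setup && /^[ \t]+protostack[ \t]*=/ {
            sub(/^[ \t]+protostack[ \t]*=[ \t]*/, "")
            gsub(/"/, ""); sub(/[ \t]+$/, "")
            print; exit
        }
    ' "$1"
}

# Report which stack the kernel exposes under proc root $1 (default /proc).
# Assumption: KLIPS creates net/ipsec_eroute, NETKEY creates net/pfkey.
loaded_stack() {
    root=${1:-/proc}; k=0; n=0
    [ -e "$root/net/ipsec_eroute" ] && k=1
    [ -e "$root/net/pfkey" ] && n=1
    case "$k$n" in
        11) echo both ;;
        10) echo klips ;;
        01) echo netkey ;;
        *)  echo none ;;
    esac
}

# Compare configured and loaded stack; returns 0 only on an exact match.
# "both" never matches: a KLIPS module loaded beside NETKEY is ambiguous.
check_stack() {
    want=$(configured_stack "$1")
    have=$(loaded_stack "$2")
    echo "configured=${want:-unset} loaded=$have"
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed fixture: the snippet from the reply plus a KLIPS-only /proc.
demo() {
    d=$(mktemp -d)
    printf 'config setup # section\n\tprotostack=klips # or netkey\n' > "$d/ipsec.conf"
    mkdir -p "$d/proc/net"; : > "$d/proc/net/ipsec_eroute"
    check_stack "$d/ipsec.conf" "$d/proc"; rc=$?
    rm -rf "$d"; return $rc
}
```

On a live host the call is `check_stack /etc/ipsec.conf /proc`; a result of `both` means a KLIPS module was loaded on a kernel that still has NETKEY, the situation the reply avoids by building the kernel without NETKEY.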
