[Openswan Users] Status of KLIPS

Mathias Sundman mathias at openvpn.se
Tue Mar 10 22:32:38 EDT 2009

What's the status of KLIPS today? Is it still an activly developed project 
that you can rely on, or is it a dead, abandoned project?

Is there any Linux distribution, preferable firewall/router oriented that 
ships with a KLIPS enabled kernel?

I really, really miss the ipsecX interfaces from KLIPS on recent linux 
kernels with NETKEY, like beeing able to write simple iptables rules based 
in traffic comming in or going out on the ipsec interface, and beeing able 
to run tcpdump on the ipsec0 interface for troubleshooting.

>From a user and firewall admin perspective it was a so much better design 
to have virtual interfaces to work with.

Is using the policy module of iptables the de facto way of getting similar 
functionallity with NETKEY as you had with the ipsecX interfaces with 
KLIPS, or is there any other method to filter traffic based on whether it 
is comming from/going to an IPsec tunnel?

Br // Mathias

More information about the Users mailing list