[Openswan Users] Status of KLIPS
Mathias Sundman
mathias at openvpn.se
Tue Mar 10 22:32:38 EDT 2009
What's the status of KLIPS today? Is it still an activly developed project
that you can rely on, or is it a dead, abandoned project?
Is there any Linux distribution, preferable firewall/router oriented that
ships with a KLIPS enabled kernel?
I really, really miss the ipsecX interfaces from KLIPS on recent linux
kernels with NETKEY, like beeing able to write simple iptables rules based
in traffic comming in or going out on the ipsec interface, and beeing able
to run tcpdump on the ipsec0 interface for troubleshooting.
>From a user and firewall admin perspective it was a so much better design
to have virtual interfaces to work with.
Is using the policy module of iptables the de facto way of getting similar
functionallity with NETKEY as you had with the ipsecX interfaces with
KLIPS, or is there any other method to filter traffic based on whether it
is comming from/going to an IPsec tunnel?
Br // Mathias
More information about the Users
mailing list