[Openswan Users] What is PLUTO_PEER_REF and how does OpenSwan define it?
Paul Wouters
paul at xelerance.com
Tue Nov 9 14:37:11 EST 2010
On Tue, 9 Nov 2010, Danilo Godec wrote:
> What are SAref's and what are they used for?
See the archives, or check openswan-2.6.x/docs/MAST*
> Should it be possible to use OpenSwan's MAST without SAref and without
> the need for FW marks and IP rules?
Mast is really klips with saref support. Without saref, you should stay with
using protostack=klips
> I'm coming from a world of KLIPS and would like like to keep it - but
> unfortunately the current kernel / OpenSwan combination on OpenSuSE 11.2
> doesn't work with Checkpoin while MAST does - with the same set of
> parameters (with addition of 'sareftrack=conntrack').
That should not be a mast issue. Perhaps just an updated klips issue?
If you have sareftrack= and protostack=mast but did not patch the suse kernel
with saref, then protostack=klips should work equally well.
Paul
More information about the Users
mailing list