[Openswan Users] What is PLUTO_PEER_REF and how does OpenSwan define it?
Danilo Godec
danilo.godec at agenda.si
Wed Nov 17 02:00:47 EST 2010
On 11/09/2010 08:37 PM, Paul Wouters wrote:
> On Tue, 9 Nov 2010, Danilo Godec wrote:
>
>> What are SAref's and what are they used for?
>
> See the archives, or check openswan-2.6.x/docs/MAST*
>
>> Should it be possible to use OpenSwan's MAST without SAref and without
>> the need for FW marks and IP rules?
>
> Mast is really klips with saref support. Without saref, you should
> stay with
> using protostack=klips
That's what I'd like to do, but I can't get KLIPS to work with CheckPoint.
>
>> I'm coming from a world of KLIPS and would like like to keep it - but
>> unfortunately the current kernel / OpenSwan combination on OpenSuSE 11.2
>> doesn't work with Checkpoin while MAST does - with the same set of
>> parameters (with addition of 'sareftrack=conntrack').
>
> That should not be a mast issue. Perhaps just an updated klips issue?
> If you have sareftrack= and protostack=mast but did not patch the suse
> kernel
> with saref, then protostack=klips should work equally well.
Is there any reason why MAST would work with CheckPoint and KLIPS
wouldn't (with identical configuration, apart from the 'protostack' and
'updown' script)?
Danilo
More information about the Users
mailing list