[Openswan Users] Fedora with netkey and freeswan with klips
Alex
mysqlstudent at gmail.com
Sat Jan 15 16:13:25 EST 2011
Hi,
I'm an ipsec novice, and have inherited an freeswan net-to-net system to
upgrade. I'm using an older version of freeswan on one end, and have converted
the other (to the best of my ability) to use openswan with netkey.
I believe the other system is using klips instead of netkey which would be why
the systems don't connect.
I've already converted the certificates to work with an NSS database on the
openswan side.
There don't appear to be any error messages in the logs on either side; the
systems just don't connect.
I'm unsure what logging or configuration information to provide so that this
problem can be fixed.
It looks like even though I've disabled netkey, it likes to use it anyway:
Jan 15 16:01:19 fc14 ipsec_setup: No KLIPS support found while requested,
desperately falling back to netkey
Jan 15 16:01:19 fc14 ipsec_setup: NETKEY support found. Use protostack=netkey in
/etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with
NETKEY
Jan 15 16:01:19 fc14 ipsec_setup: Using NETKEY(XFRM) stack
What effect would using these two different methods have?
Thanks,
Alex
More information about the Users
mailing list