[Openswan Users] Fedora with netkey and freeswan with klips

Alex mysqlstudent at gmail.com
Sat Jan 15 16:13:25 EST 2011


I'm an ipsec novice, and have inherited a freeswan net-to-net system to
upgrade. I'm using an older version of freeswan on one end, and have converted
the other (to the best of my ability) to use openswan with netkey.

I believe the other system is using klips instead of netkey, which would be why
the systems don't connect.

I've already converted the certificates to work with an NSS database on the
openswan side.

There don't appear to be any error messages in the logs on either side; the
systems just don't connect.

I'm unsure what logging or configuration information to provide so that this
problem can be fixed.

It looks like even though I've disabled netkey, it likes to use it anyway:

Jan 15 16:01:19 fc14 ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
Jan 15 16:01:19 fc14 ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with
Jan 15 16:01:19 fc14 ipsec_setup: Using NETKEY(XFRM) stack

What effect would using these two different methods have?

