[Openswan Users] Switching from Klips to Netkey?

Magnus Holmberg magnus.holmberg at pepto.se
Mon Nov 7 12:54:13 EST 2011


Hello. I have an old server running openswan that I try to replace with 
a new one.
When i just copy my config files I got an message saying something like
No KLIPS support found while requested, desperately falling back to 
netkey...

I guess that there is no klips support in the kernel I use. How do I 
change my setup to use netkey instead of clips?
I have posted my config below:




config setup
         interfaces="ipsec0=eth0"
         syslog=auth.debug
         # Debug-logging controls:  "none" for (almost) none, "all" for 
lots.
         klipsdebug=all
         plutodebug=none



conn A
         authby=secret
         auto=start
         dpddelay=3
         dpdtimeout=120
         dpdaction=restart
         rekey =yes
         keylife=30m
         ikelifetime=30m
         left=X.X.X.X
         leftnexthop=%direct
         leftsubnet=X.X.X.X/32
         pfs=yes
         right=X.X.X.X
         rightid=X.X.X.X
         rightnexthop=%direct
         rightsubnet=X.X.X.X/32



conn B
     authby=secret
     auto=start
     rekey=yes
     left=X.X.X.X
     leftsubnet=X.X.X.X/28
     auth=esp
     keyexchange=ike
     ikelifetime=28800s
     keylife=3600s
     right=X.X.X.X
     rightsubnet=X.X.X.X/29
     ike=aes256-sha1-modp1024
     esp=aes256-sha1
     dpddelay=3
     dpdtimeout=120
     dpdaction=restart
     aggrmode=no
     pfs=yes

conn block
     auto=ignore


conn private
     auto=ignore


conn private-or-clear
     auto=ignore


conn clear-or-private
     auto=ignore

conn clear
      auto=ignore

conn packetdefault
      auto=ignore



More information about the Users mailing list