[Openswan Users] Which version of updown script to use
Tuomo Soini
tis at foobar.fi
Mon Apr 30 11:24:58 EDT 2012
On Sat, 28 Apr 2012 19:16:05 -0400
"John A. Sullivan III" <jsullivan at opensourcedevel.com> wrote:
> Hello, all. We sometimes provide slightly customized updown scripts
> based upon the stock updown scripts. However, we are having a slight
> issue with older versus newer devices. Some are still on the 2.4
> kernel and using very old implementations.
>
> These have the very old updown scripts with things like:
>
> doroute() {
>     parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
>     parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
>     case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
>     "0.0.0.0/0.0.0.0")
>         # horrible kludge for obscure routing bug with opportunistic
>         it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
>             route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
>         ;;
>     *)  it="route $1 $parms $parms2"
>         ;;
>     esac
>
> How do we know which devices take the old style scripts and which take
> the new? Is the change from pluto 1.1 to 2.0? Is it the change from
> the 2.4 kernel to the 2.6? Thanks - John
If you have devices running openswan-1.x you should do an immediate
upgrade. The Openswan-1 series has been end of life for several years
now and there are security issues in that version.

Interfaces for the _updown script haven't been changing. Any linux-2.2+
kernel with proper iproute2 support should work with the current script.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
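
The sketch below is an added example, not part of this thread and not the Openswan stock _updown script. It shows how one customized script could build the route command in either the quoted net-tools style or an iproute2 style from the same PLUTO_* variables, choosing by whether `ip` is installed. The function names, the sample values and the use of `PLUTO_PEER_CLIENT` in CIDR form for the iproute2 branch are assumptions of the example.

```shell
#!/bin/sh
# Added illustration: builds (does not run) the route command for one tunnel
# from the PLUTO_* variables that pluto exports to _updown.

# have_iproute2: succeeds if an `ip` binary is found on PATH.
have_iproute2() {
    command -v ip >/dev/null 2>&1
}

# build_route STYLE ACTION   (STYLE = nettools | iproute2, ACTION = add | del)
build_route() {
    style=$1 action=$2
    case "$style" in
    nettools)
        rest="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
            # same split into two half-routes as the quoted old script
            echo "route $action -net 0.0.0.0 netmask 128.0.0.0 $rest && route $action -net 128.0.0.0 netmask 128.0.0.0 $rest"
            ;;
        *)  echo "route $action -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK $rest"
            ;;
        esac
        ;;
    iproute2)
        rest="dev $PLUTO_INTERFACE via $PLUTO_NEXT_HOP"
        case "$PLUTO_PEER_CLIENT" in
        "0.0.0.0/0")
            # the same two halves, written as /1 prefixes
            echo "ip route $action 0.0.0.0/1 $rest && ip route $action 128.0.0.0/1 $rest"
            ;;
        *)  echo "ip route $action $PLUTO_PEER_CLIENT $rest"
            ;;
        esac
        ;;
    *)  echo "unknown style: $style" >&2
        return 1
        ;;
    esac
}

# Constructed sample values (pluto normally exports these to the script).
PLUTO_INTERFACE=ipsec0 PLUTO_NEXT_HOP=192.0.2.1
PLUTO_PEER_CLIENT=10.1.2.0/24
PLUTO_PEER_CLIENT_NET=10.1.2.0 PLUTO_PEER_CLIENT_MASK=255.255.255.0

if have_iproute2; then style=iproute2; else style=nettools; fi
build_route "$style" add
```
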