[Openswan Users] Which version of updown script to use

Tuomo Soini tis at foobar.fi
Mon Apr 30 11:24:58 EDT 2012

On Sat, 28 Apr 2012 19:16:05 -0400
"John A. Sullivan III" <jsullivan at opensourcedevel.com> wrote:

> Hello, all.  We sometimes provide slightly customized updown scripts
> based upon the stock updown scripts.  However, we are having a slight
> issue with older versus newer devices.  Some are still on the 2.4
> kernel and using very old implementations.
> These have the very old updown scripts with things like:
> doroute() {
>         parms="-net $PLUTO_PEER_CLIENT_NET netmask
>                 # horrible kludge for obscure routing bug with
> opportunistic it="route $1 -net netmask $parms2 &&
>                         route $1 -net netmask
> $parms2" ;;
>         *)      it="route $1 $parms $parms2"
>                 ;;
>         esac
> How do we know which devices take the old style scripts and which take
> the new? Is the change from pluto 1.1 to 2.0? Is it the change from
> the 2.4 kernel to the 2.6? Thanks - John

If you have devices running openswan-1.x you should do immediate
upgrade. Openswan-1 series has been end of the life for several years
now and there are security issues on that version.

Interfaces for _updown script hasn't been changing. Any linux-2.2+
kernel with proper iproute2 support should work with current script.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

More information about the Users mailing list