Penguin

KLIPS is an Acronym for Kernel Layer IP Security.

It is the kernel portion of the FreeSwan project, and is available for kernels from 2.0 -> 2.6.

It has never been part of the mainline kernel, mostly because the FreeS/WAN developer was worried about US export restrictions on Cryptography and as such never allowed it to be worked on by US developers. David Miller developed 26sec to replace it and it is in the mainline 2.6 kernels.

The main difference you will see between the two implementations is that KLIPS provides an ipsecN interface where 26sec does not. KLIPS is also much older and mature code.

KLIPS Notes

If you're using Debian, you can download openswan-modules-source or freeswan-modules-source to get the source for the modules, which you can build against your kernel without rebuilding the entire thing, unless you need NAT traversal (IPsec over UDP port 4500). NAT traversal requires a small kernel patch, and it (and the modules source) is in the package kernel-patch-openswan. To do either, you need full kernel source (headers are not enough). This is all very clearly documented in /usr/share/doc/openswan-modules-source/README.Debian.gz.


CategorySecurity