Differences between current version and revision by previous author of KLIPS.
Other diffs: Previous Major Revision, Previous Revision, or view the Annotated Edit History
| Newer page: | version 4 | Last edited on Monday, October 17, 2005 1:30:13 pm | by CraigBox | |
| Older page: | version 3 | Last edited on Monday, October 17, 2005 12:46:44 pm | by IanMcDonald | Revert |
@@ -3,8 +3,12 @@
It is the kernel portion of the [FreeSwan] project, and is available for kernels from 2.0 -> 2.6.
It has never been part of the mainline kernel, mostly because the FreeS/WAN developer was worried about US export restrictions on [Cryptography] and as such never allowed it to be worked on by US developers. David Miller developed [26sec] to replace it and it is in the mainline 2.6 kernels.
-The main difference you will see between the two implementations is that KLIPS provides an ipsecN interface where 26sec does not. KLIPS also appears to be
much more
mature when used with
the S
/WAN userspace tools
.
+The main difference you will see between the two implementations is that KLIPS provides an ipsecN interface where 26sec does not. KLIPS is
also much older and
mature code.
+
+!!KLIPS Notes
+
+If you're using Debian, you can download __openswan-modules-source__ or freeswan-modules-source to get
the source for the modules, which you can build against your kernel without rebuilding the entire thing, unless you need [NAT] traversal (IPsec over [UDP] port 4500). [NAT] traversal requires a small kernel patch, and it (and the modules source) is in the package __kernel-patch-openswan__. To do either, you need full kernel source (headers are not enough). This is all very clearly documented in ''/usr/share/doc/openswan-modules-source
/README.Debian.gz''
.
----
CategorySecurity
