* Scott Mcdermott (smcdermott@xxxxxxxxxxx) wrote:
> What, openswan uses PF_KEY last I checked on kernel 2.6. I
> guess you can use KLIPS, but why would you? What's this
> "netfilter-interface" to ipsec code?
This confused me too...
> I had the exact same problem the original poster had with
> Racoon. SPDs would multiply without bounds, seemingly
> geometrically.
Yeah. Not good. :(
> I switched to strongswan and the problems immediately
> vanished. There is some bug in racoon where it doesn't
> replace SPDs. I used the latest ipsec-utils and kernel and
> this problem did not go away until I switched instead to
> strongswan (still using PF_KEY) (it also worked with
> openswan).
Sounds like I may need to check out strongswan/openswan.
I can tell you I wasn't exactly a fan of freeswan for a variety
of reasons. I'm suprised there havn't been more people
talking about and looking into fixing this, kind of concerning..
Thanks,
Stephen
signature.asc
Description: Digital signature
|