IPsec HowTo
Posted: 25 Nov 2011, 04:57
Yes, I know there is a Wiki on this, but this is something else and I should probably therefore call it (Yet) Another IPsec HowTo. I won't, and I will also not write my own Wiki on this because frankly I cannot be certain if what I'm writing here will be fully complete. If someone can verify that this is in fact the right way to do it, you're welcome to add it to the Wiki yourself.
Why this other HowTo?
Simple: the Wiki didn't work for me. I did all the stuff in there and I did in fact manage to get a connection up with a different machine, but when I tried to get anything across it died. Worst thing is that the XFRM and NETKEY modules got stuck in memory and I had to reboot, which I did quite a lot while trying to stabilize it to no result.
Why not simply change the existing Wiki?
The existing Wiki is about StrongSwan and this can only operate with XFRM and NETKEY modules, which I traced back to be the source of all my troubles. The older box I was using on the other end was running something called OpenSwan and this implements its own net module called KLIPS.
What's the difference between StrongSwan and OpenSwan?
Well, apparently OpenSwan leans somewhat more to the older version 1 IKE protocol and implements just the basic elements of version 2 IKE - StrongSwan implements everything from version 2 IKE, but not everything from version 1 IKE. The OpenSwan wiki has a Feature Comparison, but this is for the experimental version 3.0 and this HowTo will be about the stable version 2.6.
Let's get our hands dirty in the next message of this thread...