blob: cde9f038eb1b7a8649ff0ba1060cd457fef268c8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
strongswan for Debian
----------------------
1) General Remarks
This package has been created from the openswan package, which was again
created from the freeswan package, which was created from scratch with some
ideas from the freeswan 1.3 package by Tommi Virtanen and the freeswan 1.5
package by Aaron Johnson merged in.
The differences between the strongSwan and the Openswan packages are
documented at http://www.strongswan.org/ .
2) Kernel Support
Note: This package can make use of the in-kernel IPSec stack, which is
available in the stock Debian kernel images (>=2.4.24 and 2.6.x).
If you want to use the strongswan utilities, you will need the appropriate
kernel modules. The Debian default kernel native IPSec stack (which is
included in Linux 2.6 kernels and has been backported to Debian's 2.4 kernels)
can be used out-of-the-box with strongswan pluto, the key management daemon.
This native Linux IPSec stack is of high quality, has all of the features of
the latest Debian freeswan and openswan packages (i.e. support for other
ciphers like AES and NAT Traversal support) and is well integrated into the
kernel networking subsystem (which is not true for the freeswan kernel
modules). This is the recommended kernel support for strongswan.
If you do not want to use the in-kernel IPSec stack of newer 2.6 kernels or
are building a custom 2.4 kernel, then the KLIPS kernel part can be used.
strongswan no longer ships this part, but is instead focussing on the newer
native IPSec stack. However, strongswan is interoperable with the KLIPS part
shipped with openswan, both for 2.4 and 2.6 series kernels. Please install
either the linux-patch-openswan or the openswan-modules-source packages and
follow their respective README.Debian files when you want to use KLIPS.
-- Rene Mayrhofer <rmayr@debian.org>, Sun, Jul 09 12:31:00 2006
|
