[Swan] What to do with some rare KLIPS-only options, currently broken
Paul Wouters
pwouters at redhat.com
Fri Jun 21 03:06:47 EEST 2013
On Fri, 21 Jun 2013, David McCullough wrote:
> I can only say that we have used overridemtu and hidetos in the past. I am
> not sure about fragicmp.
>
> All I can say is that we already have a number of other klips only options
> (like interfaces, klipsdebug). If we can manage those, is it really a
> huge burden to maintain compat with older config files ?
>
> I can say that more and more embedded systems will be using at least the
> "ipsec setup start" and similar scripts. I would probably say most already
> do. Any systemd/init.d stuff is probably a little less used but not that
> far from main stream.
Okay, then I will fix these options by adding support for them in
_stackmanager, which will require some support in addconn to get those
values. I've filed this as:
Bug 127 - Fix _startklips options lost in port to _stackmanager
> Of course we switched to NSS completely as well so this is pretty minor in
> comparison IMO ;-) :-) ;-)
Still open for #ifdef NSS / OPENSSL :)
Paul
More information about the Swan
mailing list