[Swan] NetKey vs KLIPS

[Lawrence Manning]

Hi there List,

I’ve looked for this information, but I can’t find it.

In essence, what are the advantages to using NETKEY? Since the libreswan folks are committed to KLIPS, I’m assuming that KLIPS is considered superior. But why do others use NETKEY?

I’ve used *swan since the days where FreeSwan needed to be patched to support x509 certs, and after trying out NEKEY for a few weeks in a test setup I found the routing/firewall mechanism harder to work with then KLIPS’s explicit ipsecX interfaces. But beside this, they seemed functionally similar. How does interoperability faire under NETKEY? Are there any known regressions compared to KLIPS? Eg. L2TP ontop of NETKEY/IPSec etc.

In essence, I’m wondering if KLIPS will continue to be maintained “forever” or is it less pain now to just make the switch?

-- 

Lawrence Manning
Founder and Developer
lawrence.manning at smoothwall.net

Smoothwall Ltd
Phone: +44 (0) 8701 999500
www.smoothwall.net

Smoothwall Limited is registered in England, Company Number: 4298247 and whose registered address is 1 John Charles Way, Leeds, LS12 6QA United Kingdom 
This email and any attachments transmitted with it are confidential to the intended recipient(s) and may not be communicated to any other person or published by any means without the permission of Smoothwall Limited. Any opinions stated in this message are solely those of the author.