On Tue, 13 Mar 2018, Erik Andersson wrote:
Ok thanks! Trying to replace klips with netkey. I experience some weird klips kernel crashes on kernel 4.14 (haven't looked into it in detail). Also, klips seems not to be able to "fully" hook up to the kernel crypto API in kernel version 4.14.
Yes, KLIPS really only supports 3des/aes and sha1/sha2/md5. It is best to switch to XFRM. We are planning to obsolete KLIPS as soon as VTI or XFRMI interfaces are fully supported (including host-to-host IPsec SA's, one interface for all roadwarriors, and properly automatically adding/removing of interfaces. Paul _______________________________________________ Swan mailing list Swan@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan
