Seek your guidance on setting up Libreswan with klips other than netkey. Let us start from the beginning.
I installed Libreswan v4.4 and it pops up with this: Linux Libreswan 4.4 (netkey) on 5.4.0-1047-aws. I begin to have issues with the AMI I built since our architecture uses klips, not netkey.
I read online Libreswan has removed klips from v4.0 onward: https://libreswan.org/wiki/FAQ. After reading this post from Libreswan, I installed Libreswan 3.30 and got this: Linux Libreswan 3.30 (netkey) on 5.4.0-1047-aws. It still shows netkey, so after some more digging into it. I would have to modify IPsec from the file itself: /etc/ipsec.conf. As I was going to modify the file inside I noticed there is no protostack to change the default to klips. I experimented by adding protostack=klips to the setup and after restarting ipsec.service it gave Failed error. Research more in the documentation and found klips has been removed:
protostack
decide which protocol stack is going to be used. Valid values are "xfrm" and "bsd". This option should no longer be set, as the stack is currently auto-detected. The values "klips, "mast", "netkey", "native", "kame" and "auto" are obsolete. The option is kept only because it is suspected that Linux and BSD will get userspace stacks with IPsec support soon (such as dpdk).
If anyone has experience in IPsec and Libreswan, I would greatly appreciate any help. Thanks!
0 Answers