Difference between KLIPS and Netkey IPSEC stacks in Linux [closed]

Tags: linux, ipsec

I know both are IPSEC stacks in the Linux kernel and that KLIPS is older and Netkey is newer, but other than that I find no other documentation of them. I want to know the real technical differences between them. Is there anyone here who can tell me the difference or share some documentation source?

Any help would be appreciated.

awatan asked Jun 01 '13 14:06


2 Answers

From the article linked by shdobxr, the most relevant part regarding the difference between KLIPS and Netkey seems to be the following:

When you apply firewall (iptables) rules, KLIPS is the easier case, because with KLIPS, you can identify IPsec traffic, as this traffic goes through ipsecX interfaces. You apply iptables rules to these interfaces in the same way you apply rules to other network interfaces (such as eth0).

When using NETKEY, applying firewall (iptables) rules is much more complex, as the traffic does not flow through ipsecX interfaces; one solution can be marking the packets in the Linux kernel with iptables (with a setmark iptables rule). This mark is a member of the kernel socket buffer structure (struct sk_buff, from the Linux kernel networking code); decryption of the packet does not modify that mark.

Writing in 2014, all Linux distros should now come with a kernel that supports both KLIPS and Netkey.

John Smith Optional answered Oct 21 '22 16:10
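The firewall difference described above, as an added example that is not part of the answer or the linked article: the same tunnel filtered once for KLIPS (plaintext visible on ipsec0) and once for NETKEY (no ipsecX device, so the ESP packet is marked before decryption and the mark, which survives decryption, identifies the inner packet). The peer address, subnet, interface name and mark value are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not from the answer):
PEER_GW=203.0.113.5       # remote IPsec gateway
REMOTE_NET=10.0.1.0/24    # subnet reached through the tunnel
LAN_IF=eth0               # interface the ESP packets arrive on
IPSEC_MARK=0x1            # skb->mark used to tag traffic that came out of a tunnel

# KLIPS: decrypted packets are delivered on ipsec0, so the plaintext can be
# filtered by interface; anything claiming REMOTE_NET directly on eth0 is a spoof.
klips_rules() {
    cat <<EOF
iptables -A INPUT -i $LAN_IF -p esp -s $PEER_GW -j ACCEPT
iptables -A INPUT -i ipsec0 -s $REMOTE_NET -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $REMOTE_NET -j DROP
EOF
}

# NETKEY: there is no ipsecX device; the decrypted packet re-enters the input
# path on eth0. Mark the ESP packet in mangle/PREROUTING; the kernel keeps
# skb->mark across decryption, so the inner packet can be recognised by it.
# Unmarked packets from REMOTE_NET never passed through a tunnel and are dropped.
netkey_rules() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF -p esp -s $PEER_GW -j MARK --set-mark $IPSEC_MARK
iptables -A INPUT -i $LAN_IF -p esp -s $PEER_GW -j ACCEPT
iptables -A INPUT -m mark --mark $IPSEC_MARK -s $REMOTE_NET -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $REMOTE_NET -j DROP
EOF
}

# Print the rule set for the given stack; fails for anything else.
ruleset_for() {
    case "$1" in
        klips)  klips_rules ;;
        netkey) netkey_rules ;;
        *) echo "unknown IPsec stack: $1" >&2; return 1 ;;
    esac
}

# "sh script.sh klips" or "sh script.sh netkey" prints the rules;
# pipe the output to sh as root to apply them.
if [ $# -eq 1 ]; then
    ruleset_for "$1"
fi
```

Newer netfilter also offers `-m policy --dir in --pol ipsec`, which matches packets that came out of an IPsec SA without needing a mark; the answer does not mention it.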


http://www.linuxjournal.com/article/9916

This is by far the best breakdown of a VPN setup with either. You should be able to deduce what you need from this article.

Good luck!

shdobxr answered Oct 21 '22 16:10