[Openswan dev] Out of tree compilation?

Paul Wouters paul at xtdnet.nl
Tue Jan 6 17:48:25 CET 2004


On Tue, 6 Jan 2004, Axel Thimm wrote:

> OK, that would apply to RHEL3 for instance. RH 7.3, 8.0 and 9 do not
> contain backported ipsec parts. So in this case for openswan 1.x one
> would need a kernel patch or a netfilter module as Micheal suggested.

Yes, for which an iptables module is the best, since it won't need a kernel
recompile. The current nat-t requires changes to udp.c, and thus does require
a kernel recompile, making the entire freeswan package depend on the kernel package,
which is a very awkward situation.
 
> Is development of 1.x with a netfilter module worthwhile, or should
> it concentrate on 2.x?

It depends on how long people will keep using 2.4 kernels (without the ipsec
backport). 

> I was about to build openswan 2.x rpms, but the recent kernel security
> bug keeps my build system occupied with rebuilding 35 ATrpms kernels
> and ~350 kernel module rpms :(

I'll look forward to the openswan rpms in a few days :)

Paul 


