[Openswan dev] Out of tree compilation?

Paul Wouters paul at xtdnet.nl
Tue Jan 6 17:48:25 CET 2004

On Tue, 6 Jan 2004, Axel Thimm wrote:

> OK, that would apply to RHEL3 for instance. RH 7.3,8.0 and 9 do not
> contain backported ipsec parts. So in this case for openswan 1.x one
> would need a kernel patch or a netfiler module as Micheal suggested.

Yes, for which an iptables module is the best, since it won't need a kernel
recompile. The current nat-t requires changes to udp.c, and thus does require
a kernel recompile, making the entire freeswan package depend on the kernel package,
which is a very ackward situation.
> Is developement of 1.x with a netfilter module worth while, or should
> it concentrate on 2.x?

It depends on how long people will keep using 2.4 kernels (without the ipsec

> I was about to build openswan 2.x rpms, but the recent kernel security
> bug keeps my build system occupied with rebuilding 35 ATrpms kernels
> and ~350 kernel module rpms :(

I'll look forward to the openswan rpms in a few days :)


More information about the Dev mailing list