[Openswan dev] openswan 2.1.0rc1 rpms

Paul Wouters paul at xelerance.com
Mon Mar 8 13:50:00 CET 2004


On Mon, 8 Mar 2004, Axel Thimm wrote:

> Just to be on the safe side, do the following settings make sense as
> a _default_ for production sites ("production" as in "let's pretend I
> haven't seen the rc1 suffix" ;)?
> 
> CONFIG_IPSEC=m
> CONFIG_IPSEC_IPIP=y
> CONFIG_IPSEC_AH=y
> CONFIG_IPSEC_AUTH_HMAC_MD5=y
> CONFIG_IPSEC_AUTH_HMAC_SHA1=y
> CONFIG_IPSEC_ESP=y
> CONFIG_IPSEC_ENC_3DES=y
> CONFIG_IPSEC_IPCOMP=y
> CONFIG_IPSEC_DEBUG=y
> # CONFIG_IPSEC_REGRESS is not set"

At this point, I would also not compile in CONFIG_IPSEC_IPCOMP. There are
interop problems with it, and there is currently no switch to disable
using it, since compress=no just meants we don't advertise it.
It probably kills interop with 2.6 and/or other Kame based stacks.

Paul 



More information about the Dev mailing list