[Openswan dev] openswan 2.1.0rc1 rpms

Axel Thimm Axel.Thimm at ATrpms.net
Tue Mar 9 18:09:51 CET 2004


On Mon, Mar 08, 2004 at 01:50:00PM +0100, Paul Wouters wrote:
> On Mon, 8 Mar 2004, Axel Thimm wrote:
> 
> > Just to be on the safe side, do the following settings make sense as
> > a _default_ for production sites ("production" as in "let's pretend I
> > haven't seen the rc1 suffix" ;)?
> > 
> > CONFIG_IPSEC=m
> > CONFIG_IPSEC_IPIP=y
> > CONFIG_IPSEC_AH=y
> > CONFIG_IPSEC_AUTH_HMAC_MD5=y
> > CONFIG_IPSEC_AUTH_HMAC_SHA1=y
> > CONFIG_IPSEC_ESP=y
> > CONFIG_IPSEC_ENC_3DES=y
> > CONFIG_IPSEC_IPCOMP=y
> > CONFIG_IPSEC_DEBUG=y
> > # CONFIG_IPSEC_REGRESS is not set"
> 
> At this point, I would also not compile in CONFIG_IPSEC_IPCOMP. There are
> interop problems with it, and there is currently no switch to disable
> using it, since compress=no just meants we don't advertise it.

OK, adjusted accordingly. The resulting kernels can be found at

    http://atrpms.physik.fu-berlin.de/name/kernel/

(the ones with the "_39" tag).

But it has already been reported that these still have no NAT-T
support (ESPINUDP(1) not supported by kernel). What did I do wrong?
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20040309/e0646cd1/attachment.bin


More information about the Dev mailing list