[Openswan dev]
Re: [patch] RHEL3 (26sec) + Openswan-2.2.0 + NAT-T + KLIPS
Matthew Callaway
matt-openswan-dev at kindjal.net
Thu Oct 14 16:10:14 CEST 2004
I just noted a duplicate "lock_sock(sk)" in my patch. Must remove the
second one.
Would anyone else care to comment on the sanity of this patch?
MC
On Thu, 14 Oct 2004, Matthew Callaway wrote:
> The RHEL3 kernel (2.4.21-9.0.1.EL) has a 26sec backport of ipsec that
> supports NAT-Traversal in a way that differs from that of Openswan. If
> you build Openswan (2.2.0) and try to apply the Openswan NAT-T patch, it
> conflicts with RHEL3's.
>
> I've produced a patch that I think will allow both implementations to
> co-exist. That is, you build RHEL3's ipsec support as modules, and you
> build openswan (KLIPS) as a module. Pick one, and either should work
> with this patch.
>
> I add this to RHEL3's kernel src.rpm as patch 9002 and add it in the
> appropriate place in the patch sequence. Then I make sure the kernel
> config files build all ESP related material as modules. The kernel
> runs, the openswan 2.2.0 modules load, klips appears to work (I get
> ipsec0 devices), and I get SAs to establish.
>
> My testing has not been thorough yet, I was just excited to see that it
> builds and appears to load properly.
>
> Hopefully this will allow RHEL3 users to use Openswan-2.2.0 with KLIPS
> and NAT-T.
>
>
> MC
More information about the Dev
mailing list