[Openswan dev] Re: [patch] RHEL3 (26sec) + Openswan-2.2.0 + NAT-T + KLIPS

Matthew Callaway matt-openswan-dev at kindjal.net
Thu Oct 14 16:10:14 CEST 2004

I just noted a duplicate "lock_sock(sk)" in my patch.  Must remove the
second one.

Would anyone else care to comment on the sanity of this patch?


On Thu, 14 Oct 2004, Matthew Callaway wrote:

> The RHEL3 kernel (2.4.21-9.0.1.EL) has a 26sec backport of ipsec that
> supports NAT-Traversal in a way that differs from that of Openswan.  If
> you build Openswan (2.2.0) and try to apply the Openswan NAT-T patch, it
> conflicts with RHEL3's.
> I've produced a patch that I think will allow both implementations to
> co-exist.  That is, you build RHEL3's ipsec support as modules, and you
> build openswan (KLIPS) as a module.  Pick one, and either should work
> with this patch.
> I add this to RHEL3's kernel src.rpm as patch 9002 and add it in the
> appropriate place in the patch sequence.  Then I make sure the kernel
> config files build all ESP related material as modules.  The kernel
> runs, the openswan 2.2.0 modules load, klips appears to work (I get
> ipsec0 devices), and I get SAs to establish.
> My testing has not been thorough yet, I was just excited to see that it
> builds and appears to load properly.
> Hopefully this will allow RHEL3 users to use Openswan-2.2.0 with KLIPS
> and NAT-T.
> MC

More information about the Dev mailing list