[Openswan dev] Openswan on uClinux
mcr at xelerance.com
Sun Dec 16 12:48:25 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "David" == David McCullough <David_Mccullough at securecomputing.com> writes:
David> There is no reason it can't be done. Just the tools needed to
David> get all the scripts going may not all be fully functional on
David> a !MMU system, or it may need a little work. If you go
David> barebones and just use pluto and whack it gets a lot easier
David> (depending on your point of view ;-) on !MMU.
So, a goal in the 2.5 line is to be able to operate without major
loss of functionality without (g)awk. Many of our scripts are now
busybox compliant, but not all.
However, you can certainly avoid using many of the scripts if you
start pluto directly, and use the /usr/lib/ipsec/whack and addconn
I think that in 2.5, the addconn interface is sufficiently
dis-entangled from pluto that if someone wants to pull policies directly
from whatever GUI-friendly database there is, then that will result in
much lower overhead than writing them to a config file.
I mean to finish doing that for the ebox distro, for instance.
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the Dev