[Openswan dev] Openswan on uClinux

aparna.dutta aparna.dutta at jasmin-infotech.com
Tue Dec 18 07:37:24 EST 2007


Thanks for your replies. Yes, the uClinux distribution for Blackfin does
have Openswan and we are trying to get it compiled and installed.

But we noticed another issue while testing Openswan between 2 Suse-Linux
machines. We have set up a tunnel between the two and can clearly see ESP
packets being exchanged. But one of the machines does not encrypt TCP
packets sometimes. Using Ethereal, we see some TCP packets among the ESP
packets. This is happening in only one of the machines; the other one sends
only ESP packets.
Does this indicate any specific configuration problem?

Thanks and regards,
Aparna
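
An added example, not part of the original message or of Openswan: one way to list which packets in a capture between two tunnel endpoints are neither ESP/AH nor IKE, as in the symptom described above. It assumes the IPsec policy covers all traffic between the two hosts; the addresses, packets and function names are constructed for illustration.

```python
import socket
import struct

ESP, AH, TCP, UDP = 50, 51, 6, 17
IKE_PORTS = {500, 4500}  # IKE and NAT-T (UDP-encapsulated ESP)

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4  # header length in bytes, options included
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:]

def expected_on_wire(proto, payload):
    """True for what IPsec peers legitimately exchange: ESP, AH, or IKE/NAT-T."""
    if proto in (ESP, AH):
        return True
    if proto == UDP and len(payload) >= 4:
        sport, dport = struct.unpack("!HH", payload[:4])
        return sport in IKE_PORTS or dport in IKE_PORTS
    return False

def find_cleartext(packets, peer_a, peer_b):
    """List (index, src, dst, proto) for unprotected packets between the peers."""
    leaks = []
    for i, pkt in enumerate(packets):
        src, dst, proto, payload = parse_ipv4(pkt)
        # Only traffic between the two tunnel endpoints is in scope.
        if {src, dst} == {peer_a, peer_b} and not expected_on_wire(proto, payload):
            leaks.append((i, src, dst, proto))
    return leaks

def build(src, dst, proto, payload=b"\x00" * 8):
    """Construct a minimal IPv4 packet (checksum left zero) for the sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

A, B = "192.0.2.1", "192.0.2.2"  # constructed documentation-range addresses
SAMPLE = [  # constructed packets, not taken from a real capture
    build(A, B, UDP, struct.pack("!HHHH", 500, 500, 8, 0)),          # IKE
    build(A, B, ESP),
    build(B, A, ESP),
    build(B, A, TCP, struct.pack("!HH", 40000, 80) + b"\x00" * 16),  # cleartext TCP
    build(A, "198.51.100.7", TCP),                                   # other host, out of scope
]

for leak in find_cleartext(SAMPLE, A, B):
    print("cleartext packet #%d: %s -> %s (IP protocol %d)" % leak)
```

The source address of each flagged packet shows which peer is sending outside the tunnel, which is the machine whose policy and routing to compare against the other.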


-----Original Message-----
From: dev-bounces at openswan.org [mailto:dev-bounces at openswan.org] On Behalf Of Michael Richardson
Sent: Sunday, December 16, 2007 11:18 PM
To: dev at openswan.org
Cc: David McCullough
Subject: Re: [Openswan dev] Openswan on uClinux



>>>>> "David" == David McCullough <David_Mccullough at securecomputing.com> writes:
    David> There is no reason it can't be done. Just the tools needed to
    David> get all the scripts going may not all be fully functional on
    David> a !MMU system, or it may need a little work.  If you go
    David> barebones and just use pluto and whack it gets a lot easier
    David> (depending on your point of view ;-) on !MMU.

  So, a goal in the 2.5 line is to be able to operate without major
loss of functionality without (g)awk.  Many of our scripts are now
busybox compliant, but not all.  

  However,  you can certainly avoid using many of the scripts if you
start pluto directly, and use the /usr/lib/ipsec/whack and addconn
programs directly.

  I think that in 2.5, the addconn interface is sufficiently
disentangled from pluto that if someone wants to pull policies directly
from whatever GUI-friendly database there is, then that will result in
much lower overhead than writing them to a config file. 

  I mean to finish doing that for the ebox distro, for instance.

-- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

