[Openswan dev] Openswan on uClinux

aparna.dutta aparna.dutta at jasmin-infotech.com
Tue Dec 18 07:37:24 EST 2007

Thanks for your replies. Yes, the uClinux distribution for Blackfin does
have Openswan and we are trying to get it compiled and installed.

But we noticed another issue while testing Openswan between 2 Suse-Linux
machines. We have set up a tunnel between the two and can clearly see ESP
packets being exchanged. But one of the machines does not encrypt TCP
packets sometimes. Using Ethereal, we see some TCP packets among the ESP
packets. This is happening in only one of the machines, the other one sends
only ESP packets.
Does this indicate any specific configuration problem?

Thanks and regards,

-----Original Message-----
From: dev-bounces at openswan.org [mailto:dev-bounces at openswan.org] On Behalf
Of Michael Richardson
Sent: Sunday, December 16, 2007 11:18 PM
To: dev at openswan.org
Cc: David McCullough
Subject: Re: [Openswan dev] Openswan on uClinux

>>>>> "David" == David McCullough <David_Mccullough at securecomputing.com>
    David> There is no reason it can't be done. Just the tools needed to
    David> get all the scripts going may not all be fully functional on
    David> a !MMU system, or it may need a little work.  If you go
    David> barebones and just use pluto and whack it gets a lot easier
    David> (depending on your point of view ;-) on !MMU.

  So, a goal in the 2.5 line is to be able to operate without major
loss of functionality without (g)awk.  Many of our scripts are now
busybox compliant, but not all.  

  However,  you can certainly avoid using many of the scripts if you
start pluto directly, and use the /usr/lib/ipsec/whack and addconn
programs directly.

  I think that in 2.5, the addconn interface is sufficiently
disentangled from pluto that if someone wants to pull policies directly
from whatever GUI-friendly database there is, then that will result in
much lower overhead than writing them to a config file. 

  I mean to finish doing that for the ebox distro, for instance.

-- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
