[Openswan dev] Openswan on uClinux
aparna.dutta at jasmin-infotech.com
Tue Dec 18 07:37:24 EST 2007
Thanks for your replies. Yes, the uClinux distribution for Blackfin does
have Openswan and we are trying to get it compiled and installed.
But we noticed another issue while testing Openswan between 2 Suse-Linux
machines. We have set up a tunnel between the two and can clearly see ESP
packets being exchanged. But one of the machines does not encrypt TCP
packets sometimes. Using Ethereal, we see some TCP packets among the ESP
packets. This is happening in only one of the machines, the other one sends
only ESP packets.
Does this indicate any specific configuration problem?
Thanks and regards,
From: dev-bounces at openswan.org [mailto:dev-bounces at openswan.org] On Behalf
Of Michael Richardson
Sent: Sunday, December 16, 2007 11:18 PM
To: dev at openswan.org
Cc: David McCullough
Subject: Re: [Openswan dev] Openswan on uClinux
>>>>> "David" == David McCullough <David_Mccullough at securecomputing.com>
David> There is no reason it can't be done. Just the tools needed to
David> get all the scripts going may not all be fully functional on
David> a !MMU system, or it may need a little work. If you go
David> barebones and just use pluto and whack it gets a lot easier
David> (depending on your point of view ;-) on !MMU.
So, a goal in the 2.5 line is to be able to operate without major
loss of functionality without (g)awk. Many of our scripts are now
busybox compliant, but not all.
However, you can certainly avoid using many of the scripts if you
start pluto directly, and use the /usr/lib/ipsec/whack and addconn
I think that in 2.5, the addconn interface is sufficiently
dis-entangled from pluto that if someone wants to pull policies directly
from whatever GUI-friendly database there is, then that will result in
much lower overhead than writing them to a config file.
I mean to finish doing that for the ebox distro, for instance.
] Bear: "Me, I'm just the shape of a bear." | firewalls
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device
] panic("Just another Debian GNU/Linux using, kernel hacking, security
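One way to check a capture for the symptom reported at the top of this message (TCP packets appearing among the ESP packets), as an added example that is not part of the original thread or of Openswan. It assumes a classic pcap file with Ethernet framing and a host-to-host tunnel; the function names and the addresses in the constructed sample are hypothetical.

```python
import socket, struct

ESP, UDP = 50, 17
IKE_PORTS = {500, 4500}  # IKE and NAT-T (ESP-in-UDP) legitimately travel outside ESP

def find_cleartext(pcap, peer_a, peer_b):
    """Packets between the two tunnel endpoints that are neither ESP nor IKE."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    leaks, off, no = [], 24, 0
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off, no = off + 16 + incl, no + 1  # no is the 1-based packet number
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN tags and IPv6 are out of scope here)
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        if {src, dst} != {peer_a, peer_b} or proto == ESP:
            continue
        if proto == UDP and len(ip) >= ihl + 4:
            if IKE_PORTS & set(struct.unpack("!HH", ip[ihl:ihl + 4])):
                continue
        leaks.append((no, src, dst, proto))
    return leaks

def _frame(src, dst, proto, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def sample_pcap():
    """Constructed capture: ESP, one cleartext TCP packet, IKE, ESP, unrelated TCP."""
    a, b = "192.0.2.1", "192.0.2.2"
    frames = [_frame(a, b, ESP, b"\x00" * 8), _frame(a, b, 6, b"\x00" * 20),
              _frame(b, a, UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
              _frame(b, a, ESP, b"\x00" * 8),
              _frame(a, "198.51.100.7", 6, b"\x00" * 20)]
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for leak in find_cleartext(sample_pcap(), "192.0.2.1", "192.0.2.2"):
        print("cleartext packet #%d: %s -> %s, IP protocol %d" % leak)
```

Run it on a capture taken on the wire between the two hosts: a capture taken on an endpoint that uses the Linux NETKEY stack also shows inbound packets after decryption, which this check would report as cleartext.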