[Openswan dev] Changes to openswan for openwrt

Paul Wouters paul at xelerance.com
Tue Jun 19 13:16:23 EDT 2007

Hi, I have made some changes to openswan 2.4.x to better support openwrt
without openwrt requiring patches to maintain it. These changes have been
committed to CVS and will be released in openswan 2.4.9.

This means some patches by openwrt are no longer necessary. It also
tweaks the files used by openwrt to properly compile without the
changes to the Makefiles. We updated our packaging/openwrt files
to include all the fixes. These files were based on the subversion files
of whiterussian.

Fixes to openswan / removed patches from openwrt's openswan patches:

- Makefile.inc supports setting INC_RCDEFAULT="/etc/init.d" so openwrt
  should not create the wrong /etc/rc.d/init.d and then fix it later
  using softlinks
- Makefile.inc now supports the MODPROBE=insmod setting for openwrt.
- _startklips now supports MODPROBE, so will not need those patches anymore
- _look now uses tr instead of set, so no patch required anymore
- send-pr is never built, used or installed, so there is no need to patch it.
- EXTRALIBS define is not required, as one can just set the required flags
  for openwrt (-L$(STAGING_DIR)/usr/lib) in the LD_LIBRARY_PATH variable.
- setup.in no longer uses id -u but ${USER}
- setup.in now creates /var/run/pluto and /var/lock/subsys
- _realsetup.in already creates /var/run/pluto and /var/lock/subsys if needed
- showhostkey now checks for /proc/sys/kernel/hostname before trying the
  hostname command, which does not exist on openwrt.
- showhostkey now uses [] around the '{', required for openwrt's awk.
- starter patch removed because starter shouldn't be used with 2.4.x and it
  is no longer built in the 2.4.x tree. It is replaced with libipsecconf in
  openswan 2.5.x.

Left in the patch:

- use of dirname. Really, just enable dirname in busybox. It can't be
  adding more code than doing a workaround for every occurrence of
  dirname in the init scripts used by all openwrt packages.
- loggerfix patch, though it is probably not needed, as one can just
  set the ipsec.conf option plutostderrlog=/tmp/pluto.log

Someone can just replace whiterussian/openwrt/package/openswan with the
openswan-2/packaging/openwrt directory. But I believe whiterussian is
no longer supported. I haven't looked at more recent versions (e.g. kamikaze)
to see if this is also a drop-in replacement for kamikaze.
