[Openswan dev] First pass README update

Ruben Laban r.laban at ism.nl
Wed Oct 13 02:40:36 EDT 2010 

Hi David,

Only a few small comments regarding the various 'make' commands:

On Wednesday 13 October 2010 at 02:17 (CET), David McCullough wrote:
> #########################################################################
> # HOW TO INSTALL on Kernel 2.6 (And Kernels with 2.6 IPsec backport)
> #########################################################################
> 
> NETKEY (Native linux IPsec stack)
> ---------------------------------
> 
> To use Openswan with the linux native (builtin) IPsec stack,  then the
> following steps should be all that are needed. Please use at least kernel
> version 2.6.6, as prior versions of the kernel have serious bugs in the
> native IPsec stack.  From the openswan directory:
> 
>     make programs
>     sudo make install

      ^-- looks good

> Note: The ipsec-tools package is no longer needed. Instead iproute2 >=
> 2.6.8 is required. For backported kernels, setkey and thus ipsec-tools
> might still be required. Run 'ipsec verify' to determine if your system
> has either one of the requirements.
> 
> KLIPS (Openswan IPsec stack)
> ----------------------------
> 
> To use the Openswan KLIPS IPsec stack (ipsec0 devices) for Linux
> Kernels 2.6.23 and higher, the following steps should work.  From the
> openswan directory:
> 
>     make programs
>     sudo make install
>     make KERNELSRC=/lib/modules/`uname -r`/build module minstall

      ^-- the minstall part would require root privileges (sudo)

> For Linux 2.6 Kernels before 2.6.23, the kernel requires patching if
> NAT-T support is required.
> 
>     Add NAT-T support.
> 
>         NAT-T support needs to patch the kernel and build a new bzImage.
>         From the Openswan source directory:
> 
>           make nattpatch | (cd /usr/src/linux-2.6 && patch -p1 && make
> bzImage) 
>         Note: Build and install kernel as normal, as you have modified
>         the TCP/IP stack in the kernel, so it needs to be recompiled and
>         installed.
> 
>           eg: cd /usr/src/linux && make dep bzImage install
> 
>         See your distribution documentation on how to install a new kernel
> 
>     From the openswan directory:
> 
>         make programs
>         make KERNELSRC=/lib/modules/`uname -r`/build module
>         sudo make KERNELSRC=/lib/modules/`uname -r`/build install minstall

          ^-- this approach should be used for newer kernels as well (see 
previous comment)

>     For OCF HW offloading support, you need a patched kernel
>     See: http://ocf-linux.sourceforge.net/

The rest looks just fine to me.

Regards,
Ruben Laban

More information about the Dev mailing list