[Openswan dev] First pass README update

David McCullough david_mccullough at mcafee.com
Wed Oct 13 07:51:41 EDT 2010


Jivin Ruben Laban lays it down ...
> Hi David,
> 
> Only a few small comments regarding the various 'make' commands:
> 
> On Wednesday 13 October 2010 at 02:17 (CET), David McCullough wrote:
> > #########################################################################
> > # HOW TO INSTALL on Kernel 2.6 (And Kernels with 2.6 IPsec backport)
> > #########################################################################
> > 
> > NETKEY (Native linux IPsec stack)
> > ---------------------------------
> > 
> > To use Openswan with the linux native (builtin) IPsec stack,  then the
> > following steps should be all that are needed. Please use at least kernel
> > version 2.6.6, as prior versions of the kernel have serious bugs in the
> > native IPsec stack.  From the openswan directory:
> > 
> >     make programs
> >     sudo make install
> 
>       ^-- looks good
> 
> > Note: The ipsec-tools package is no longer needed. Instead iproute2 >=
> > 2.6.8 is required. For backported kernels, setkey and thus ipsec-tools
> > might still be required. Run 'ipsec verify' to determine if your system
> > has either one of the requirements.
> > 
> > KLIPS (Openswan IPsec stack)
> > ----------------------------
> > 
> > To use the Openswan KLIPS IPsec stack (ipsec0 devices) for Linux
> > Kernels 2.6.23 and higher, the following steps should work.  From the
> > openswan directory:
> > 
> >     make programs
> >     sudo make install
> >     make KERNELSRC=/lib/modules/`uname -r`/build module minstall
> 
>       ^-- the minstall part would require root privileges (sudo)

Yeah,  thanks,  missed that.

> > For Linux 2.6 Kernels before 2.6.23, the kernel requires patching if
> > NAT-T support is required.
> > 
> >     Add NAT-T support.
> > 
> >         NAT-T support needs to patch the kernel and build a new bzImage.
> >         From the Openswan source directory:
> > 
> >           make nattpatch | (cd /usr/src/linux-2.6 && patch -p1 && make
> > bzImage) 
> >         Note: Build and install kernel as normal, as you have modified
> >         the TCP/IP stack in the kernel, so it needs to be recompiled and
> >         installed.
> > 
> >           eg: cd /usr/src/linux && make dep bzImage install
> > 
> >         See your distribution documentation on how to install a new kernel
> > 
> >     From the openswan directory:
> > 
> >         make programs
> >         make KERNELSRC=/lib/modules/`uname -r`/build module
> >         sudo make KERNELSRC=/lib/modules/`uname -r`/build install minstall
> 
>           ^-- this approach should be used for newer kernels as well (see 
> previous comment)

Yes,  and I was jumping around improving things and I think I missed the
previous one.

> >     For OCF HW offloading support, you need a patched kernel
> >     See: http://ocf-linux.sourceforge.net/
> 
> The rest looks just fine to me.

Thanks for the feedback :-)

Cheers,
Davidm

-- 
David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org


More information about the Dev mailing list