[Openswan dev] First pass README update

Wed Oct 13 10:11:36 EDT 2010

Hi David,

thanks for coordinating this!

Harald

On Wed, Oct 13, 2010 at 09:51:41PM +1000, David McCullough wrote:
> 
> Jivin Ruben Laban lays it down ...
> > Hi David,
> > 
> > Only a few small comments regarding the various 'make' commands:
> > 
> > On Wednesday 13 October 2010 at 02:17 (CET), David McCullough wrote:
> > > #########################################################################
> > > # HOW TO INSTALL on Kernel 2.6 (And Kernels with 2.6 IPsec backport)
> > > #########################################################################
> > > 
> > > NETKEY (Native linux IPsec stack)
> > > ---------------------------------
> > > 
> > > To use Openswan with the linux native (builtin) IPsec stack,  then the
> > > following steps should be all that are needed. Please use at least kernel
> > > version 2.6.6, as prior versions of the kernel have serious bugs in the
> > > native IPsec stack.  From the openswan directory:
> > > 
> > >     make programs
> > >     sudo make install
> > 
> >       ^-- looks good
> > 
> > > Note: The ipsec-tools package is no longer needed. Instead iproute2 >=
> > > 2.6.8 is required. For backported kernels, setkey and thus ipsec-tools
> > > might still be required. Run 'ipsec verify' to determine if your system
> > > has either one of the requirements.
> > > 
> > > KLIPS (Openswan IPsec stack)
> > > ----------------------------
> > > 
> > > To use the Openswan KLIPS IPsec stack (ipsec0 devices) for Linux
> > > Kernels 2.6.23 and higher, the following steps should work.  From the
> > > openswan directory:
> > > 
> > >     make programs
> > >     sudo make install
> > >     make KERNELSRC=/lib/modules/`uname -r`/build module minstall
> > 
> >       ^-- the minstall part would require root privileges (sudo)
> 
> Yeah,  thanks,  missed that.
> 
> > > For Linux 2.6 Kernels before 2.6.23, the kernel requires patching if
> > > NAT-T support is required.
> > > 
> > >     Add NAT-T support.
> > > 
> > >         NAT-T support needs to patch the kernel and build a new bzImage.
> > >         From the Openswan source directory:
> > > 
> > >           make nattpatch | (cd /usr/src/linux-2.6 && patch -p1 && make
> > > bzImage) 
> > >         Note: Build and install kernel as normal, as you have modified
> > >         the TCP/IP stack in the kernel, so it needs to be recompiled and
> > >         installed.
> > > 
> > >           eg: cd /usr/src/linux && make dep bzImage install
> > > 
> > >         See your distribution documentation on how to install a new kernel
> > > 
> > >     From the openswan directory:
> > > 
> > >         make programs
> > >         make KERNELSRC=/lib/modules/`uname -r`/build module
> > >         sudo make KERNELSRC=/lib/modules/`uname -r`/build install minstall
> > 
> >           ^-- this approach should be used for newer kernels as well (see 
> > previous comment)
> 
> Yes,  and I was jumping around improving things and I think I missed the
> previous one.
> 
> > >     For OCF HW offloading support, you need a patched kernel
> > >     See: http://ocf-linux.sourceforge.net/
> > 
> > The rest looks just fine to me.
> 
> Thanks for the feedback :-)
> 
> Cheers,
> Davidm
> 
> -- 
> David McCullough,      david_mccullough at mcafee.com,  Ph:+61 734352815
> McAfee - SnapGear      http://www.mcafee.com         http://www.uCdot.org
> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev