[Openswan Users] OpenSWAN - so dang hard to implement?! Help!

Doran Barton fozz at iodynamics.com
Sun Feb 29 20:16:15 CET 2004

Hi guys, I need some help. I don't need someone to hold my hand- I just
need a set of directions that make sense to follow.

I've got to build a roadwarrior-type VPN for a Windows 2000 user at home
(behind an SMC firewall appliance doing NAT) logging into an office
network.  The gateway machine for the office network is a Red Hat 9 box
doing NAT for the LAN users.

Because the home user will be a very-non-technical guy, I'm thinking of
going with an L2TP/OpenSWAN setup on the gateway so the home user can use
Win2K's native VPN tools. I've already found Jacco de Leeuw's excellent
tutorials on this subject.

I realize that because the user will be NAT'd, I need the NAT traversal
stuff going on.

But I can't even get the OpenSWAN ipsec.o kernel module to build! It's very
frustrating. I'm trying to get 1.0.1 built. I'd like to just add ipsec.o to
the 2.4.20-30.9 kernel I'm running on the box, but I'm not sure exactly how
to go about that. 

I've tried all kinds of stuff from doing a 'make oldconfig' and 'make dep'
on the kernel-source and then doing a 'make oldgo' from the openswan
directory. Nothing seems to work. 

And this is after I tried the ATRPMs builds of OpenSWAN v2.0.0 (which didn't
support NAT-T) and freeswan+x509 RPMs (which also didn't support NAT-T). 

I've been banging my head against the wall about this for about a week.
Please help.

Also, if someone can tell me what I need to do, I'd be willing to build and
host RPMs for a variety of RH9 and FC1 kernels.


fozz at iodynamics.com is Doran L. Barton, president, Iodynamics LLC
Iodynamics: Linux solutions - Web development - Business connectivity
 "Beware of being eaten by small children due to small parts."
    -- Seen on a toy package

More information about the Users mailing list