[Openswan Users] Openswan 1.0.0 and RHELv3

Dax Kelson dax at gurulabs.com
Sat Jan 3 10:45:47 CET 2004


On Sat, 2004-01-03 at 09:31, Bernd Bartmann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> will Openswan-1.0.0 work with the RHES3 kernels or will there be
> problems due to the IPSEC backport from kernel-2.6 that Red Hat includes
> in the RHES3 kernels?
> 
> Is anyone working on Openswan-1.0.0 RPMs for RHL 7.2/7.3/8.0/9 and
> Fedora Core 1?

The ideal approach from a maintenance perspective, would be to use the
stock/in-kernel IPSec code with the Openswan userland. That seems to be
the plan for Openswan v2.10 due out within 3 months.

http://www.openswan.org/development/roadmap.php

The only question I have is if the in-kernel IPSec code has the
ESP-over-UDP support needed for NAT-T. Herbert/Dave can answer this.

While waiting for Openswan v2.10 I've resigned myself to using/building
a RHELv3 kernel plus Openswan v1.0.0. I plan on doing that today if I
get the time. I suspect I'll need to pull out the in kernel IPSec and
maybe USAGI (if it's in there). I want it fully RPM packaged for
maintenance reasons.

Dax Kelson
Guru Labs





More information about the Users mailing list