[Openswan Users] openswan and red hat enterprise

Paul Wouters paul at xelerance.com
Wed Mar 24 19:39:49 CET 2004 

On Wed, 24 Mar 2004, Morgan Marodin wrote:

> How does work openswan with the kernel of Red Hat Enterprise ES 3 (v 
> 2.4.21-9.0.1.EL)?
> Do I have to patch the kernel for NatTraversal feature?

If that kernel contains the ipsec backport (I think it does) then you should
have nat traversal support, and you shouldn't need to recompile the kernel.
 
> Then ... I tested to rpmbuild (as a normal user, NOT root) the package with 
> the tarball openswan-2.1.1.tar.gz (renaming it to freeswan-2.0x-cvs.tar.gz 
> as in the spec file) but compiling it reports an error:

There should be an openswan26.spec file in the packaging/redhat directory. Please
use that instead of the freeswan.spec file.

> ipsec_init.o 
> /home/mork/rpm/BUILD/freeswan-2.0x-cvs/linux/net/ipsec/ipsec_init.c
> In file included from /usr/src/linux-2.4.21-9.0.1.EL/include/linux/skbuff.h:26,
>                   from 
> /home/mork/rpm/BUILD/freeswan-2.0x-cvs/linux/include/freeswan/ipsec_kversion.h:58,
>                   from 
> /home/mork/rpm/BUILD/freeswan-2.0x-cvs/linux/include/freeswan/ipsec_param.h:32,
>                   from 
> /home/mork/rpm/BUILD/freeswan-2.0x-cvs/linux/net/ipsec/ipsec_init.c:28:
> /usr/src/linux-2.4.21-9.0.1.EL/include/linux/mm.h:203: syntax error before 
> "pte_addr_t"
> /usr/src/linux-2.4.21-9.0.1.EL/include/linux/mm.h:203: warning: no 
> semicolon at end of struct or union
> /usr/src/linux-2.4.21-9.0.1.EL/include/linux/mm.h:203: warning: no 
> semicolon at end of struct or union
> /usr/src/linux-2.4.21-9.0.1.EL/include/linux/mm.h:204: warning: type 
> defaults to `int' in declaration of `pte'
> /usr/src/linux-2.4.21-9.0.1.EL/include/linux/mm.h:204: warning: data 
> definition has no type or storage class
> /usr/src/linux-2.4.21-9.0.1.EL/include/linux/mm.h:223: syntax error before 
> '}' token

[ snip ]

You shouldn't need the ipsec.o module if the ipsec backport is there. Try
modprobe'ing esp4 and if that is there, you should have the backport and you
can forget about this compile error. If not, you can try and run 'make mrproper'
on your /usr/src/linux-2.4 tree and try the compile again.
Also be sure to install the ipsectools package for the setkey binary when using
the ipsec backport.

Paul

More information about the Users mailing list