[Openswan Users] linksys WRT54G openswan

Sat May 22 14:10:35 CEST 2004

On Sat, 22 May 2004, Ferdinand O. Tempel wrote:

> Anyway I posted some stuff already to the openwrt forum
> (http://openwrt.ksilebo.net/forum/viewtopic.php?p=465#465), but then I
> spotted that you prefer to have feedback by email. Hey, I'm flexible.

Thanks for your feedback here. I do prefer it, since I don't actively go
out and check out many websites for new issues. I do read theses lists on
a daily basis.

> I took your packages for a quick testdrive, and have the following
> observations:
> * The openswan package doesn't install cleanly. It produces the
> following error:
> Unpacking openswan...Done. 
> Configuring openswan...Disabling logger, since it will hang system. see
> /usr/bin/loggerfix 

When I used logger as it came with openwrt, it would basicly hang. Ken has
run into similar problems on the OpenZaurus platform, and I used his work
around. Move logger out of the way and replace it with a /bin/cat script.
So this is not an error, but an informational message. When you uninstal the
package, it should put the real logger back.

> You will now need to generate an IPsec hostkey or X.509 certificate
> before  
> //usr/lib/ipkg/info/openswan.postinst: 11: Syntax error: Unterminated
> quoted string 

This I will obviously have to fix :)

> This looks like a typo in the aforementioned postinst script. 
> * mawk doesn't replace busybox's awk, so it keeps complaining about:
> "awk: cmd. line:256: Unexpected token" with everything you do. I
> replaced the awk symlink to busybox with a symlink to /usr/bin/mawk
> which is provided by your mawk package.

Yes, that is what the postinst script does after those echo lines. It didn't
get that far though.

> * You seem to have build your packages with --prefix=/usr/local
> (standard, iirc) while you install everything straight under /usr. This
> breaks both /usr/sbin/ipsec as /etc/init.d/S60ipsec, which can't find
> the stuff they're looking for. I modified the scripts.

Those are real bugs. I did most of my testing on a /usr/local nfs mount, but
made the final package go into /usr since I didn't know what the openwrt policy
was for installing binaries in packages. Should core modules go into /usr and
addon packages into /usr/local or should all packages go into /usr and should
/usr/local be reserved for non-packaged (nfs mounted) stores? I hadn't received
an answer when I made the packages, and made a mistake.

> * /usr/libexec/ipsec/setup points to a non existant
> /etc/rc.d/init.d/ipsec, it should point to /etc/init.d/S60ipsec

Ok, will fix that. It was another last minute change.

> * Cosmetic: ipsec.o gets placed in a deep directory structure (the
> default /lib/modules/`uname -r`/kernel/net/ipsec/), while openwrt keeps
> it pretty flat (all modules in /lib/modules/`uname -r`/). I'd place
> ipsec.o there too.

I wasn't sure about insmod finding it there, but since then I noticed the
modules.dep file syntax. I'll change this too.

> * ipsec setup {start,stop} don't seem to do anything at all, I'm at this
> point in getting things working now. I'll keep you posted both in the
> forum mentioned above and through email reports when there's something
> to report :-)

It takes a looooooooooooooooong time to start. There might also be some problems where
the prompt doesn't get returned, while the whole subsystem is infact working.
Give it a full minute to start, then initiate from the other end. 

I didn't give this to much attention, since I want to get rid of the scripts and
use our new smaller binary tool called "starter". However, the tool doesn't compile
properly yet in the current release.

This was all done with a deadline for my BlackHat presentation last thursday. I will
clean up the package and post an update.

Thanks a lot for your feedback!

Paul