[Openswan Users] MODVERSIONS & interfaces

Paul Wouters paul at xelerance.com
Wed Oct 6 11:11:44 CEST 2004


On Tue, 5 Oct 2004, Carlos G Mendioroz wrote:

> I've just downloaded 2.2.0 to try some stuff.
> In so doing I run into a problem, that seems to be caused by the ipsec.o 
> Makefile (.../linux/net/ipsec/Makefile) assuming kernel is compiled with 
> MODVERSIONS.
> (Mine is not because a hardware provider provides drivers w/o them :-()

This is a known bug, and Michael is fixing this in CVS.

> On another track, is there a doc or some place to read info on the flow 
> packets take throw interfaces ? I'm trying to understand what rules 
> (iptables) should be changed and how when implementing ipsec.

There is a diagram of this floating around somewhere, either on sandelman or
freeswan.ca.

> Some info on routing would be helpful too! I noticed some split default 
> tricks on some configs (route to 0.0.0.0/1 and 128.0.0.0/1 to ipsec0) and 
> would like to understand them...

That is Opportunistic Encryption. Just include /etc/ipsec.d/examples/no_oe.conf
in /etc/ipsec.conf if you don't want that.

Paul
-- 
 	"Non cogitamus, ergo nihil sumus"


More information about the Users mailing list