[Openswan Users] attempting to install on RHEL 3
Paul Wouters
paul at xelerance.com
Mon Apr 4 23:39:20 CEST 2005
On Mon, 4 Apr 2005, Doug Granzow wrote:
>> Newbie here trying to get Openswan working on a RHEL 3 box. Does the
>> 2.3.0 RPM available at
> http://www.openswan.com/download/binaries/rhel/3/i386/
>> apply to a specific kernel? I am running 2.4.21-27.0.2.EL.
>
> Doing further research I have the impression that KLIPS is not included
> in the above RPM, and KLIPS is the part that would be kernel-specific.
Correct.
> If this is true, does a binary KLIPS RPM exist for RHEL? If not, is
> this the source I should build from:
> http://www.openswan.com/download/binaries/rhel/3/SRPMS/openswan-2.3.0-1r
> hel.src.rpm
That will not work because the RHEL is a 2.4-2.6 hybrid kernel. No one has
ported KLIPS to those kernels. Your best bet is to use the NETKEY backport
ipsec stack included with the RHEL3 kernel and openswan-2.3.0 (not the klips
package). It will fail to work with modern nat-traversal clients, and you
will go through hell to get packet sizes/mtu isses fixed.
RHEL3 is the worst choice for a kernel for IPsec related matters. Install a
seperate server using Fedora Core 3 (or Debian) with either the latest 2.4
kernel with klips or with a 2.6.11.6 or higher kernel. The latter might work,
but clearly has not been tested well.
Paul
More information about the Users
mailing list