[Openswan Users] attempting to install on RHEL 3

Paul Wouters paul at xelerance.com
Mon Apr 4 23:39:20 CEST 2005

On Mon, 4 Apr 2005, Doug Granzow wrote:

>> Newbie here trying to get Openswan working on a RHEL 3 box.  Does the
>> 2.3.0 RPM available at
> http://www.openswan.com/download/binaries/rhel/3/i386/
>> apply to a specific kernel?  I am running 2.4.21-27.0.2.EL.
> Doing further research I have the impression that KLIPS is not included
> in the above RPM, and KLIPS is the part that would be kernel-specific.


> If this is true, does a binary KLIPS RPM exist for RHEL?  If not, is
> this the source I should build from:
> http://www.openswan.com/download/binaries/rhel/3/SRPMS/openswan-2.3.0-1r
> hel.src.rpm

That will not work because the RHEL is a 2.4-2.6 hybrid kernel. No one has
ported KLIPS to those kernels. Your best bet is to use the NETKEY backport
ipsec stack included with the RHEL3 kernel and openswan-2.3.0 (not the klips
package). It will fail to work with modern nat-traversal clients, and you
will go through hell to get packet sizes/mtu isses fixed.

RHEL3 is the worst choice for a kernel for IPsec related matters. Install a
seperate server using Fedora Core 3 (or Debian) with either the latest 2.4
kernel with klips or with a or higher kernel. The latter might work,
but clearly has not been tested well.


More information about the Users mailing list