[Openswan Users]

[Paul Wouters]

On Fri, 11 Nov 2005, Väisänen Teemu wrote:

> - Is Openswan Wiki Troubleshooter same as FAQ (Somewhere is talked
> about troubleshooter and somewhere about faq)?

I have no idea. I don't think we have any good worthwhile FAQ, and the
Wiki's information is rather limited and some of it just old or outdated.

> - Does Openswan support 2.6.8.1 kernel?

Yes. KLIPS should work fine, but NETKEY for that kernel is too old, so don't
use that kernel's native IPsec capabilities with openswan.

> There are openswan-2.4.0-1.i386.rpm and openswan-doc-2.4.0-1.i386.rpm
> files in download/binaries/fedora/3/i386/ Wiki troubleshooter says
> both userland tools and kernel components have to be installed.

kernel component is called openswan-klips (or openswan-klmd by atrpms)

> - Are these both (userland tools and kernel components) in this
> openswan-2.4.0-1.i386.rpm?

no. that is just the userland (which can be used with NETKEY if you would
use 2.6.11 instead of 2.6.8.1)

> - If they aren't in that rpm, where could I find them? Are there these
> different tools and components for Fedore?

Install source rpm and rebuild with:

rpmbuild -bb openswan.spec --define 'buildklips 1' --define 'kversion 2.6.8.1'

You might need to patch your 2.6.8.1 kernel with the natt-patch for the above
to work. get it using:

make KERNELSRC=/usr/src/linux-2.6.8.1 nattpatch > /usr/src/natt.patch
cd /usr/src/linux-2.6.8.1
cat natt.patch | patch -p1 -s

> ipsec_setup: Starting Openswan IPsec U2.4.0/K2.6.8.1...
> ipsec_setup: no default route, %defaultroute cannot cope!!!
>
> -What does this no default route means?

you have no default route and interfaces=%defaultroute. Either change the
interface line or add a default route to your system.

> -What is pluto and how is it installed?

The IKE daemon. /usr/libexe/ipsec/pluto

Paul