[Openswan Users] Openswan + klips + kernel 2.6
Jorge Daniel Sequeira Matias
martin at andorinha.ist.utl.pt
Tue Nov 15 12:25:56 CET 2005
On Tuesday 15 November 2005 07:36, Martin Bene wrote:
> First, a short note on the 2.4.2 release:
>
> The problem with new awk versions and ipsec auto does not seem to be
> fixed in this release, I had to change the function definition on line
> 223 of /usr/local/libexec/ipsec/auto from default to openswan_default
> (and of course also change the calls to this function) to get 2.4.2 to
> work at all on my gentoo box.
>
> 2nd, I've so far failed to get openswan 2.4.x to actually work in the
> configuration I'd like to use: 2.6 kernel, klips and using nat-t.
>
> Is there any recommended kernel/openswan kombination that's actually
> known to work? Does nat-t work with netkey?
I have been using a vanilla kernel 2.6.11.7 with CVS version more recent
that Openswan 2.3.1. It worked with kernel built-in NAT-T and netkey. But it
was not 100% stable because of sporadic "ASSERTION failed".
Since last Saturday I'm using Kernel 2.6.14.2 with Openswan 2.4.2rc1
(compiled with gcc 3.3.5 and binutils 2.15 in a Debian unstable dist.)
without any errors. I still use kernel built-in NAT-T and netkey. So far
without problems!
I have an average of 15 IPSec Roadwarrior SAs with client/gateway
certificate based auth.
Jorge Matias
CIIST - Centro de Informática
Instituto Superior Técnico
Universidade Técnica de Lisboa
PORTUGAL
More information about the Users
mailing list