[Openswan Users] Klips patch

Paul Wouters paul at xelerance.com
Tue Oct 11 17:23:55 CEST 2005


On Tue, 11 Oct 2005, sasa wrote:

>> Yes, but I would not do that in the rpm. The only thing that you really need
>> to do in the kernel build is the nat-t patch. After you have booted your new
>> nat-t patched kernel, you can simply run:
>>
>> export KERNELSRC=/lib/modules/`uname -r`/build
>> cd openswan-2
>> make module minstall
>
> ..but I don't have a dir with name openswan, I have installed (beyond nat-t kernel patch) only:
>
> openswan-klips-2.4.0-2.6.12_1.1376_FC3_1.i386.rpm
> openswan-2.4.0-1.i386.rpm
>
> Must I install other packages?

That above openswan-klips rpm, unless you built it yourself, does not contain
support for nat-t in KLIPS, since it was meant for the 'stock' fedora kernel,
which you have patched to add nat-t support.

Please download openswan-2.4.0-1.src.rpm from the openswan ftp/www site. Then
do the following:

rpm -hiv openswan-2.4.0-1.src.rpm
cd /usr/src/redhat/SOURCES
tar zxvf openswan-2.4.0.tar.gz
cd openswan-2.4.0/packaging/redhat/

edit the config-* files and change
#define CONFIG_KLIPS_NAT_TRAVERSAL 0
#define CONFIG_IPSEC_NAT_TRAVERSAL 0

to:

#define CONFIG_KLIPS_NAT_TRAVERSAL 1
#define CONFIG_IPSEC_NAT_TRAVERSAL 1

then rebuild:

rpmbuild -bb /usr/src/redhat/SPECS/openswan.spec --define 'buildklips 1' --define 'kversion 2.6.x'
(where 2.6.x is the exact version of the newly built kernel with nat-t that
you made)

That should give you a new openswan-klips package you can install that
should have support for nat-t. It will also give you a new openswan package
that matches the openswan-klips package. Install both using "rpm -Uhv"

Paul
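
The config-* edit from the steps above, with a check to run before rpmbuild, as an added shell example that is not part of the original message or of Openswan. The function names are hypothetical, and it assumes the config-* files carry the two #define lines exactly as quoted.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Openswan.
# Assumes the config-* files contain the two "#define ... 0" lines quoted above.

# Flip both NAT-T defines from 0 to 1 in every config-* file under directory $1.
enable_natt_defines() {
    for f in "$1"/config-*; do
        [ -f "$f" ] || continue
        tmp=$(mktemp)
        cp "$f" "$tmp"
        # Write back into the original file (keeps its mode); only "<macro> 0" lines change.
        sed -e 's/^\(#define[[:space:]]\{1,\}CONFIG_KLIPS_NAT_TRAVERSAL[[:space:]]\{1,\}\)0[[:space:]]*$/\11/' \
            -e 's/^\(#define[[:space:]]\{1,\}CONFIG_IPSEC_NAT_TRAVERSAL[[:space:]]\{1,\}\)0[[:space:]]*$/\11/' \
            "$tmp" > "$f"
        rm -f "$tmp"
    done
}

# Return 0 only if every config-* file under $1 sets both defines to 1.
# Run before rpmbuild so a missed file does not yield a KLIPS module without NAT-T.
verify_natt_defines() {
    rc=0
    found=0
    for f in "$1"/config-*; do
        [ -f "$f" ] || continue
        found=1
        for m in CONFIG_KLIPS_NAT_TRAVERSAL CONFIG_IPSEC_NAT_TRAVERSAL; do
            if ! grep -Eq "^#define[[:space:]]+$m[[:space:]]+1[[:space:]]*\$" "$f"; then
                echo "NAT-T not enabled: $m in $f" >&2
                rc=1
            fi
        done
    done
    [ "$found" -eq 1 ] || { echo "no config-* files in $1" >&2; rc=1; }
    return "$rc"
}
```

From openswan-2.4.0/packaging/redhat/, call `enable_natt_defines . && verify_natt_defines .` and start the rebuild only if it succeeds.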

