[Openswan Users] L2TP server on RH Enterprise 3

Paul Wouters paul at xelerance.com
Tue Sep 6 17:10:08 CEST 2005


On Mon, 5 Sep 2005, Thiago Campos wrote:

>> I have not used RHEL3 so I can't tell. But RHEL should be
>> similar enough to Fedora versions so any L2TP server should
>> work. The IPsec side will be more of a problem. I understand
>> that the RHEL3 kernel is a hybrid of kernel 2.4 and kernel 2.6
>> which is known to have issues with Openswan. So it seems that
>> RHEL3 is a bad choice for an IPsec server.
>
> Very bad news to me. I have a customer that the only way is a RHEL 3.
> I read about CIPE but I don't think it's a good solution.

CIPE is fundamentally broken. Do not use it.

> I found kernel-smp-module-openswan from DAG, what do you think about it?

For RHEL3? I have no experience with it. It would have been a patched openswan
klips module, or it might only work on a custom compiled RHEL3 that DAG also
ships, that does not contain the broken NETKEY backport.

> My Kernel is 2.4.21-32.0.1.ELsmp, do you have any tip from where should I
> start?

It would be days of work to remove the NETKEY backport and patch in
the KLIPS ipsec stack to make this work, and it probably voids any warranty
you'd get from RedHat. RHEL3 is simply not a good choice for IPsec.

Paul

