[Openswan Users] net 2 net connection
William Man
williamman at visualrock.co.uk
Thu Sep 15 22:48:30 CEST 2005
Hi all,
Good news, I have managed to compile openswan for my kernel, 2.6.9-1.667.
This is the default installtion for fedora core 3, if anyone wants to use
these i'll be happy to email them.
I have built
openswan-2.4.0-1.i386.rpm
openswan-doc-2.4.0-1.i386.rpm
openswan-klips-2.4.0-2.6.9_1.667_1.i386.rpm
This now allows, subnet to subnet traffic via the ipsec0 tunnel, however I
further reading I have found that
gateway to subnet traffic, and
gateway to gateway traffic
do no pass through the ipsec tunnel. it seems to be due to the default
routing table to use the IP providers gateway.
I have read that some fancy iproute2 rules can force all subnet destine
traffic through the ipsec0 tunnel, however, documentation seems complex and
advanced.
Can anyone help me with this? The Openswan documentation suggests adding 4
extra tunnels to do this, but it seems routing would be easier...
William
-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]On
Behalf Of William Man
Sent: Thursday, September 15, 2005 11:47 AM
To: users at openswan.org
Subject: Re: [Openswan Users] net 2 net connection
Thanks for the suggestions.
The easiest would be to upgrade the kernel, i tried with yum and it suggests
download the kernel and ipsec modules, however I am always uneasy when doing
this as it could take down my system.
I will try and build the rpms against my kernel and hope there aren't any
problems.
Thanks again, i'll try and post my progress for those who maybe interested.
William
----- Original Message -----
From: "Nigel Metheringham" <nigel.metheringham at dev.intechnology.co.uk>
To: <users at openswan.org>
Sent: Thursday, September 15, 2005 11:39 AM
Subject: Re: [Openswan Users] net 2 net connection
> On Thu, 2005-09-15 at 11:19 +0100, William Man wrote:
> > insmod: error inserting
> > '/lib/modules/2.6.9-1.724_FC3/kernel/net/ipsec/ipsec.ko': -1 Invalid
module
> > format
> >
> > the kernel i am using is 2.6.9-1.667, is there a version of ipsec klips
for
> > this? I installed the 2.6.9-1.724 which might be why it isn't
> > inserting.....
>
> Kernel modules should match the version of the running kernel. Not
> doing this will lead to a world of pain.
>
> I suggest you get the source rpm for that code, install that, edit the
> spec file to reflect the kernel version you are using, and rebuild the
> rpm.
>
> Alternatively just build the kernel modules against your kernel version.
>
> Or (probably the easiest) upgrade your kernel to 2.6.9-1.724_FC3_1
> although that may have other issues for you.
>
> Nigel.
> --
> [ Nigel Metheringham Nigel.Metheringham at InTechnology.co.uk ]
> [ - Comments in this message are my own and not ITO opinion/policy - ]
>
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> ________________________________________________________________
> This email has been scanned by ClamAV, and should be virus free.
>
________________________________________________________________
This email has been scanned by ClamAV, and should be virus free.
_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
________________________________________________________________
This email has been scanned by ClamAV, and should be virus free.
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.25/102 - Release Date: 14/09/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.25/102 - Release Date: 14/09/2005
________________________________________________________________
This email has been scanned by ClamAV, and should be virus free.
More information about the Users
mailing list