[Openswan Users] Openswan 2.4.5rc7 on 2.4.32-SMP
Stephen Jones
hivemynd at hivemynd.net
Wed Apr 5 03:56:31 CEST 2006
Hi Paul, list:
Paul Wouters wrote:
>
>>I will be be able to build openswan-2.4.5rc7 for an SMP configuration later
>>tonight, will report whether or not it crashes on KLIPS load.
>
>
> Please let us now!
>
I was able to build 2.4.5rc7 on a 2.4.32 SMP kernel w/o issues.
uname -a
Linux fedora1athlon 2.4.32 #4 SMP Wed Apr 5 02:39:54 CDT 2006 i686
athlon i386 GNU/Linux
[root at fedora1athlon root]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan 2.4.5rc7 (klips)
Checking for IPsec support in kernel [OK]
KLIPS detected, checking for NAT Traversal support [FAILED]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
The sources were patched for NAT-T with:
KERNELSRC=/usr/src/linux-2.4.32
make nattpatch > $KERNELSRC/openswan-ipsec-natt.patch
cd $KERNELSRC
cat ./openswan-ipsec-natt.patch | patch -p1 -s
(no errors reported)
Then the KLIPS patch was applied via:
make applypatch
cd $KERNELSRC
make clean
make oldconfig
make dep bzImage modules modules_install
make install
reboot...
Then the entire kernel and modules were all rebuilt and installed
(Selecting 'y' for the NAT-T support, and 'm' for KLIPS and 'y' for all
other ipsec related options). The patch file emitted for the nat-t
patch is different than the 2.4.32-natt.patch available for download. I
have tried both, with the same results.
The good news is the 2.4.32-SMP kernel did not crash with ipsec module
load :D
I likely won't be able to test functionality for a week or so however :|
Thanks for your patience!
SJ
More information about the Users
mailing list