[Openswan Users] Openswan 2.4.5rc7 on 2.4.32-SMP

Stephen Jones hivemynd at hivemynd.net
Wed Apr 5 03:56:31 CEST 2006

Hi Paul, list:

Paul Wouters wrote:

>>I will be be able to build openswan-2.4.5rc7 for an SMP configuration later
>>tonight, will report whether or not it crashes on KLIPS load.
> Please let us now!

I was able to build 2.4.5rc7 on a 2.4.32 SMP kernel w/o issues.

uname -a
Linux fedora1athlon 2.4.32 #4 SMP Wed Apr 5 02:39:54 CDT 2006 i686 
athlon i386 GNU/Linux
[root at fedora1athlon root]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan 2.4.5rc7 (klips)
Checking for IPsec support in kernel                            [OK]
KLIPS detected, checking for NAT Traversal support              [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

The sources were patched for NAT-T with:

make nattpatch > $KERNELSRC/openswan-ipsec-natt.patch
cat ./openswan-ipsec-natt.patch | patch -p1 -s
(no errors reported)

Then the KLIPS patch was applied via:
make applypatch
make clean
make oldconfig
make dep bzImage modules modules_install
make install

Then the entire kernel and modules were all rebuilt and installed 
(Selecting 'y' for the NAT-T support, and 'm' for KLIPS and 'y' for all 
other ipsec related options).  The patch file emitted for the nat-t 
patch is different than the 2.4.32-natt.patch available for download. I 
have tried both, with the same results.

The good news is the 2.4.32-SMP kernel did not crash with ipsec module 
load :D

I likely won't be able to test functionality for a week or so however :|

Thanks for your patience!


More information about the Users mailing list