[Openswan Users] steps to load KLIPS IPSec stack in 2.6.13 kernel

Pjothi pjothi at gmail.com
Mon Mar 6 09:51:13 CET 2006


Dear Paul,

In the IMS-AKA (IP Multimedia Subsystem - Authentication and Key Agreement)
scenario, authentication and associations are taken care of by the SIP
protocol. So, no IKE happens. So to very much simplify this scenario, as a
first step, I want to "manually key" with the main motivation to verify
"UDP encapsulation". Then the next step would be to use SIP to establish
associations. So manual keying would be the first step for this. It's already
possible with setkey to use manual keying, but I am not able to force it to
UDP encapsulate the packets. But, with pluto using the NETKEY IPSec stack, in
automatic keying I am able to force NAT-T and in effect UDP encapsulation.
But, I do not want IKE to be run and just want to force "UDP encapsulation",
and the obvious choice is "manual keying".


When I try to force NAT-T using manual keying, I get the following error:

ipsec manual: fatal error in "man": no IPSEC-enabled Interfaces found

As I googled and went through the archives for solving the above error, it
was suggested to use KLIPS stack instead of NETKEY stack and this is the
reason I wanted to move to KLIPS stack.

So, I would like to know if NAT-T can be "forced" in manual keying with
KLIPS IPSec stack and is it a good idea to do that, or this can be just done
with the NETKEY IPSec stack itself and there is some possibility to solve
the above error.

Thanking you very much,

regards,
Pjothi





On 3/3/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Fri, 3 Mar 2006, Pjothi wrote:
>
> > My kernel is 2.6.13 (SUSE 10)
> > Openswan version,- 2.4.5rc5
> >
> > The wiki and README in Openswan documentation are not clear. In README, it
> > says to apply nattpatch first. I am getting errors like
> > HUNK #1 failed
>
> export KERNELSRC=/your/suse/kernel
> cd openswan-2
> make nattpatch > $KERNELSRC/natt.patch
> cd $KERNELSRC
> patch -p1 -s < natt.patch
> make oldconfig
> make clean
> make bzImage modules modules_install
> cd /your/openswan-2
> make module module_install
>
> > Does anyone have a nice documentation that explains simply what has to be
> > done in an orderly way. My main motivation is to use KLIPS IPSec stack, with
> > NAT-T so that I can use manual configuration with UDP encapsulation forced.
>
> Manual configuration? You mean manual keying? You should not be using
> manual keying. There is no valid reason for it.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
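
For the "verify UDP encapsulation" step discussed in this thread, the following added example (not part of the original messages and not Openswan code) classifies captured UDP datagrams using the RFC 3948 rules: a single 0xFF byte is a NAT keepalive, four zero bytes are the non-ESP marker that precedes IKE, and anything else starts with an ESP SPI. Port 4500, SPI 0x1000 and all sample bytes are constructed assumptions; with manual keying you would expect only ESP carrying the SPI you configured, and no IKE.

```python
import struct

NATT_PORT = 4500  # assumption: the usual NAT-T port; a manual SA may use others

def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of a NAT-T datagram per RFC 3948."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed", "reason": "shorter than an SPI"}
    (spi,) = struct.unpack("!I", payload[:4])
    if spi == 0:
        # Four zero bytes are the non-ESP marker: an IKE message follows.
        return {"kind": "ike", "ike_length": len(payload) - 4}
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "ESP header truncated"}
    (seq,) = struct.unpack("!I", payload[4:8])
    # Everything after SPI + sequence number is IV, ciphertext and ICV.
    return {"kind": "esp", "spi": spi, "seq": seq, "esp_body_len": len(payload) - 8}

def parse_udp_datagram(datagram: bytes) -> dict:
    """Parse a raw UDP datagram (8-byte header plus payload)."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _cksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length field")
    result = {"sport": sport, "dport": dport}
    if NATT_PORT not in (sport, dport):
        result["kind"] = "not-natt"
        return result
    result.update(classify_natt_payload(datagram[8:length]))
    return result

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Build a UDP datagram for the constructed samples (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed sample datagrams, not captured traffic.
SAMPLES = {
    "esp": udp(4500, 4500, struct.pack("!II", 0x1000, 1) + b"\xaa" * 32),
    "ike": udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28),
    "keepalive": udp(4500, 4500, b"\xff"),
    "dns": udp(53000, 53, b"x"),
}

if __name__ == "__main__":
    for name, dgram in SAMPLES.items():
        print(name, parse_udp_datagram(dgram))
```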

