[Openswan Users] building
tleslie at tcn.net
Fri Mar 24 05:10:44 CET 2006
i was using rc5
and when i merged it so there wasnt the lib/module/2.4.16-smp and 2.4.16
so the openswan ipsec.ko was put in,
and not the ipsec.ko made from the kernel,
it odd, the kernel when patched, makes a ipsec.ko and the openswan distro (make ... module)
does to, but only the one in the openswan distro accesses the for example des_ede3_cbc_encrypt
which seems to be only in a assembly language *.s file in teh openswan distro, and not
available to the kernel (or patched kernel). or maybe i just screwed something else up in the
install, but anyways it is working now.
had to turn off SMP, with it on, the ipsec does a IEP (or EIP) and sometime locks the machine cold.
thanks to everyone on the list in the last 24 hours,
i final achieved a Klips/openswan on 2.6 kernel and hopefully now it will replace my older box,
and i can do SNAT pre ipsec.
now that i have done all this ... did someone just post that you can do this also by using
2.6.16 and latest iptables ? you dont need Klips anymore for doing SNAT before vpn ?
On Fri, 24 Mar 2006 10:08:25 +0100
Sandor Geller <wildy at balabit.hu> wrote:
> ted leslie wrote:
> > never mind,
> > turns out my kernel is putting libs in /lib/modules/2.6.14-smp
> > and the openswan module install in /lib/modules/2.6.14
> > weird that my active kernel is "2.6.14-smp"
> > i.e. uname-a
> > but openswan is ignoring this and just creating directory based on 2.6.14,
> > oh well,
> > i am going to drop the "-smp" of the end of the kernel identifier,
> > so the two are in sync.
> This won't help you. I suggest to try the latest RC (rc5, not rc4), and
> if the unresolved symbols are still present, compile KLIPS statically
> into the kernel, not as a module.
> Sandor Geller
> wildy at balabit.hu
> Users at openswan.org
> Building and Integrating Virtual Private Networks with Openswan:
More information about the Users