[Openswan Users] building

ted leslie tleslie at tcn.net
Fri Mar 24 05:10:44 CET 2006 

i was using rc5
and when i merged it so there wasnt the lib/module/2.4.16-smp and 2.4.16
so the openswan ipsec.ko was put in,
and not the ipsec.ko made from the kernel, 
it odd, the kernel when patched, makes a ipsec.ko and the openswan distro (make ... module)
does to, but only the one in the openswan distro accesses the for example des_ede3_cbc_encrypt
which seems to be only in a assembly language *.s file in teh openswan distro, and not
available to the kernel (or patched kernel). or maybe i just screwed something else up in the
install, but anyways it is working now.
had to turn off SMP, with it on, the ipsec does a IEP (or EIP) and sometime locks the machine cold.

thanks to everyone on the list in the last 24 hours,
i final achieved a Klips/openswan on 2.6 kernel and hopefully now it will replace my older box,
and i can do SNAT pre ipsec.

now that i have done all this ... did someone just post that you can do this also by using
2.6.16 and latest iptables ? you dont need Klips anymore for doing SNAT before vpn ?


-tl

On Fri, 24 Mar 2006 10:08:25 +0100
Sandor Geller <wildy at balabit.hu> wrote:

> ted leslie wrote:
> > never mind,
> > 
> > turns out my kernel is putting libs in  /lib/modules/2.6.14-smp
> > 
> > and the openswan module install in   /lib/modules/2.6.14
> > 
> > weird that my active kernel is "2.6.14-smp"
> > i.e. uname-a
> > 
> > but openswan is ignoring this and just creating directory based on 2.6.14,
> > oh well,
> > i am  going to drop the  "-smp" of the end of the kernel identifier,
> > so the two are in sync.
> 
> This won't help you. I suggest to try the latest RC (rc5, not rc4), and
> if the unresolved symbols are still present, compile KLIPS statically
> into the kernel, not as a module.
> 
> -- 
> Sandor Geller
> wildy at balabit.hu
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>

More information about the Users mailing list