[Openswan Users] KIPS broken, NETKEY works

Stefan Denker Stefan at dn-kr.de
Mon Nov 6 02:35:17 EST 2006

On Sun, Nov 05, 2006 at 08:20:48PM +0100, Turbo Fredriksson wrote:
>> It looks fine, except for CONFIG_IPSEC_NET_TRAVERSAL missing. so you
>> did not appply the nat-t patch, so KLIPs won't support nat-t packets
>> (but NETKEY will).
> Previosly I had the following packages installed:

> ----- s n i p ----- linux-patch-openswan_2.4.6+dfsg.2-0.1_all.deb
> This might be why i got TWO ipsec.ko modules - one in the
> 'kernel-image-2.6.17' package and one in the 'openswan-modules-2.6.17'
> package. 

Yes. One patched directly into the kernel, the other from seperate

> It (KLIPS) didn't work with EITHER of the modules, so there
> might be some clashes there...  I'm trying again WITHOUT the
> 'linux-patch-openswan' package...

> Oki, it seems like I STILL have to apply a patch manually before
> running 'make-kpkg binary-arch modules'. This patch is in
> /usr/src/modules/openswan/debian/nat-t-2.6.diff.

No, you don't have to. make-kpkg does this for you. Call it with
"make-kpkg --added-modules openswan ..." and please read the man page. 
You could also put "patch_the_kernel = YES" into /etc/kernel-pkg.conf,
which makes make-kpkg always include all modules in /usr/src/ into the
kernel. Again, read "man make-kpkg" and "make kernel-pkg.conf". 

> This kernel STILL doesn't work. And what's worse, I can't ping anything
> on the work network.

Hope you're more lucky the next try. 

141 Reasons why you can't find your system administrator:
44.(S)he's standing behind you, holding an axe.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20061106/acb56d43/attachment.bin 

More information about the Users mailing list