[Openswan Users] change in status of the KLIPS patch in openswan 2.4., 10 - re linux kernels >= 2.6.22

John Lumby johnlumby at hotmail.com
Mon Nov 19 14:00:03 EST 2007 

I have used the KLIPS patch from openswan's up to 2.4.9 successfully in linux kernels up to 2.6.20.      I've used it for a proprietary mostly-object-code-only VPN product, which needs to use an ipsec[n] interface.

In the past, I've tried to follow the instructions in the README for 2.6 kernels that avoid needing to patch the  kernel by instead building the ipsec.ko module and insmod'ing that.   But although the build always seems to work, any attempt to insmod this ipsec.ko results in something like

insmod: error inserting '/sysbuild/openswan-2.4.10/modobj26/ipsec.ko': -1 File exists

and then all networking functions are hosed, and although some things still work, shutdown also fails (in trying to shut networking functions I assume)  and I have to pull the plug.       I have no other module named ipsec.ko, either as a file or loaded in the kernel.

I have never really attempted to investigate this since the patch-the-kernel method has always worked - until kernel 2.6.22.     With openswan 2.4.9, building the patched kernel fails with numerous compile errors relating to the skbuff (mentioned in this list).       2.4.10 supplies a file 

openswan-2.4.10.kernel-2.6-klips.patch

(same naming convention as for openswan 2.4.9)

but there is very little in it and I don't believe it would provide the same function of making an ipsec[n] interface   (Must confess I didn't try).    What does this file do?

I tried once more building the ipsec.ko module but still same 'file exists' and system hosed.

1/   will there (ever) be a new KLIPS patch that can be applied to linux kernels 2.6.22 and later and does what the older KLIPS patches did on oldrer kernels,, i.e. create the ipsec[n] interfaces?
2/   anyone else seen this 'file exists' error with the module?     Are there any prereq's or must-not-have's in the kernel .config for this module?
3/  Am I doing something wrong?    Or - what should I do to get the ipsec[n] in 2.6.22?


John Lumby

_________________________________________________________________
Express yourself with free Messenger emoticons. Get them today!
http://www.freemessengeremoticons.ca/?icid=EMENCA122
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20071119/5c00141c/attachment.html

More information about the Users mailing list