[Openswan Users] Openswan and Kernel Source
David McCullough
David_Mccullough at securecomputing.com
Sun Jan 13 19:21:21 EST 2008
Jivin assiduus at poczta.internetdsl.pl lays it down ...
> Dnia Pt Stycznia 11 2008, 7:43 pm, Anonymous70 napisał(a):
> > I have tried patching a 2.6.23.1 with
> > openswan-2.4.9-kernel-2.6-klips.patch.gz and
> > openswan-2.4.9-kernel-2.6-natt.patch.gz Results:
> > 1. natt patch fails
> > 2. klips even though applied successfully I still get NETKEY
>
> As far as I remember, Changelog to the lastest (2.4.11) release of
> Openswan stated that KLIPS'es NAT-T doesn't work with 2.6.23+ - don't know
> how it relates to the 2.4.9 release but I suppose it still might apply.
> Actually, you managed to go one step further than I did - not only did I
> not manage to apply the NAT-T patch, I also failed with compiling the
> kernel after patching it with the KLIPS patch. ;) As for the second part
> of your post, what I did was to include NETKEY in the kernel as a module
> (along with the rest of the code it needs) and compiled KLIPS also as a
> module so if you don't personally load af_key with, for instance,
> modprobe, you'll get KLIPS and if you do, you'll get NETKEY (at least this
> is how it works for me with 2.4.11).
I posted a non-official nat-t patch for 2.6.23 a while back:
http://lists.openswan.org/pipermail/users/2007-November/013504.html
should be easier to get working than the 2.4.9 version,
Cheers,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
More information about the Users
mailing list