[Openswan Users] openswan 2.4.12, klips, and recent kernels.

Jordan Paschalidis paschalidis at salt.xgroup.de
Thu May 8 06:10:21 EDT 2008

Weedy wrote:
> Does anyone have 2.4.12 running on 2.6.2[234] using the klips module? 
> Extra points for nat-t and a description of how and any special kernel 
> patches/.config's
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


i can confirm that vanilla 2.6.23 + openswan 2.4.12 + 
openswan-2.4.12.kernel-2.6-klips.patch + 
openswan-2.4.x.kernel-2.6.23-natt.patch + compress is NOT working.

Especially the compress is not working.

I had a setup with a running gw with kernel 2.6.18 + 2.4.9 with klips and 
compress with other gw's also kernel 2.6.18 + 2.4.9 working. Wanting to add 
a new gw, i took kernel 2.6.23 + openswan 2.4.12 + patches for the new gw, 
and could verify that ipsec-packets were leaving the central-gw with 
openswan 2.4.9 and just disappeared on the 2.4.12 side.
Disabling compress let traffic flow again.

For the installation i took this:

mkdir /usr/src/packages
cd /usr/src/packages
wget http://www.openswan.org/download/openswan-2.4.12.tar.gz
wget ftp://ftp.openswan.org/openswan/openswan-2.4.x.kernel-2.6.23-natt.patch
wget ftp://ftp.openswan.org/openswan/openswan-2.4.12.kernel-2.6-klips.patch.gz
wget http://www.de.kernel.org/pub/linux/kernel/v2.6/linux-2.6.23.tar.bz2
gunzip openswan-2.4.12.kernel-2.6-klips.patch.gz
tar xzf openswan-2.4.12.tar.gz

cd /usr/src
bunzip2 -c /usr/src/packages/linux-2.6.23.tar.bz2 | tar xf -
ln -s linux-2.6.23 linux-2.6

cd /usr/src/linux-2.6
patch -p1 < /usr/src/packages/openswan-2.4.x.kernel-2.6.23-natt.patch
patch -p1 < /usr/src/packages/openswan-2.4.12.kernel-2.6-klips.patch

# MOST ANNOYING, 2 files have to be copied by hand
cp /usr/src/packages/openswan-2.4.12/linux/net/ipsec/version.in.c 
#edit /usr/src/linux-2.6/net/ipsec/version.c  and set the version right
cp /usr/src/packages/openswan-2.4.12/linux/net/ipsec/zutil.c 

then proceed with compiling the kernel.

More information about the Users mailing list