[Openswan Users] KLIPS on debian with 2.6 kernel?

Nick Abbey nickabbey at gmail.com
Thu Sep 25 19:11:37 EDT 2008


Hello World!

I'm new to openSwan, I got started with dd-wrt, but that was seeming like I
was breaking new group, due to the lack of documentation (and documented
sucess stories!).  Finally I realized that installing to a linux distro
first to verify that everything would work would be a better idea then
plugging along with the router install.  Plus it would give me a reference
to compare the dd-wrt install to.  Plus, I'm pretty sure I'm going to have
to build a custom wrt image to get this all working, and that's best done in
linux.

So here I am.  I grabbed the latest debian, 4.04ra and installed to a VMware
box.  It's up and running great.  I'm able to use apt to install openSwan.
I know the IPSEC implementation in Debian with kernel 2.6 is NETKEY.  But
I'm not going to be able to use that on my dd-wrt box.  That distro is on
kernel 2.4 so I'll have to use KLIPS.

I'm reading "Building And Integrating Virtual Private Networks With
Openswan" and there are plenty of instructions on building KLIPS from
source, which I'm sure I can handle.  I'm not a noob but haven't actually
compiled anything under Linux in a while.  Anyway, the point is that I want
to know - if I compile a KLIPS module and load it up, how can I make sure
that openSwan uses it instead of the NETKEY implementation?  Also, since
IPV6 is built in to this kernel, will I have issues using KLIPS?  I know I
can patch in the IPV6 support, but rememebr that this is supposed to be a
reference platform the wrt box, where I will be on IPv4.  To complicate
matters, the intended endpoint host is an iPhone, which is also IPv4.  It
SHOULD be ok for my iPhone to conenct to my linux box due to backwards
compatibilty of IPv6.  notice the stress on "SHOULD".  :)  So what's my best
bet?

I'm thinking...  Custom Kernel with IPv4 and KLIPS built in.

Any advice on the feasibility of this, plus caveats or pitfalls to avaid
would be GREATLY appreciated.

Thanks!

Nick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080925/e48d9f82/attachment-0001.html 


More information about the Users mailing list