[Openswan Users] Openswan 2.6.X and KLIPS

[Paul Wouters]

On Fri, 19 Jun 2009, Agent Smith wrote:

> I have always patched klips in kernel source and THEN ran make KERNELSRC=/usr/src/my_kernel modules;make modules_install from openswan source.
> are you saying that there is easier way to do have klips without patching kernel source? I'd love to know how.

You should not point KERNERLSRC to a patched kernel when using 'make module'. either patch the kernel
using make kpatch OR run 'make module'. Don't do both.

Paul

> --- On Fri, 6/19/09, Paul Wouters <paul at xelerance.com> wrote:
>
>> From: Paul Wouters <paul at xelerance.com>
>> Subject: Re: [Openswan Users] Openswan 2.6.X and KLIPS
>> To: "Agent Smith" <news8080 at yahoo.com>
>> Cc: users at openswan.org
>> Date: Friday, June 19, 2009, 10:14 AM
>> On Fri, 19 Jun 2009, Agent Smith
>> wrote:
>>
>>> Is it supported? I don't see any klips patches for
>> recent openswan version. I still run 2.4.14 but would like
>> to upgrade to something recent.
>>>
>>> and I remember that was a 'talk' about NAT-T patch not
>> being required in future versions of openswan, I wonder
>> whats the stat. on that.
>>
>> It is. We have not released it as seperate patches
>> recently. The 2.6
>> kernel is a moving target and creating these patches that
>> work "as many
>> kernel sources as possible" is a manual process that is
>> quite an art to
>> do. By far the easiest is always to run 'make module
>> module_install'
>> and build klips as a module, instead of patching it into
>> the kernel
>> source. Especially now you need no more nat-t patch for
>> kernewls >=
>> 2.6.23.
>>
>> We're close to releasing openswan 2.6.22, but are looking
>> into some
>> KLIPS issues still, specifically a fix that seems to be
>> causing
>> other issues (bug https://bugs.xelerance.com/issues/1023)
>>
>> Paul
>>
>
>
>
>