[Openswan Users] Openswan 2.6.X and KLIPS
Agent Smith
news8080 at yahoo.com
Fri Jun 19 22:27:15 EDT 2009
ok,
I ran Centos5.5 which came with 2.6.18-53.el5 and yum updated it to 2.6.18-128.1.6.el5 and I have both sources. Now my goal is to compile klips and NAT-T both into either of these kernels with some recent openswan version.
so far I have tried 'make kpatch' in openswan 2.4.10, 2.4.11, 2.4.13 and 2.4.9 with no success. Each time I get the same error
The only way it works is if I get a vanila kernel from kernel.org and patch it and recompile and I really don't want to do that just to get klips support if I don't have to.
any suggestions? have others ran into this? I only saw 2 links off of google when I plugged my error message about af_inet.c
# cat /etc/redhat-release
CentOS release 5.3 (Final)
# uname -r
2.6.18-128.1.6.el5
# ln -s /usr/src/kernels/2.6.18-53.el5-i686 /usr/src/linux
# pwd
/usr/src/kernels/openswan/openswan-2.4.13
# make kpatch
.....
patching file net/ipsec/version.c
patching file net/ipsec/zutil.c
can't find file to patch at input line 59661
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|--- swan26/net/ipv4/af_inet.c.orig Wed Jun 16 01:18:58 2004
|+++ swan26/net/ipv4/af_inet.c Fri Aug 13 23:09:27 2004
--------------------------
--- On Fri, 6/19/09, Paul Wouters <paul at xelerance.com> wrote:
> From: Paul Wouters <paul at xelerance.com>
> Subject: Re: [Openswan Users] Openswan 2.6.X and KLIPS
> To: "Agent Smith" <news8080 at yahoo.com>
> Cc: users at openswan.org
> Date: Friday, June 19, 2009, 5:10 PM
> On Fri, 19 Jun 2009, Agent Smith
> wrote:
>
> > I have always patched klips in kernel source and THEN
> ran make KERNELSRC=/usr/src/my_kernel modules;make
> modules_install from openswan source.
> > are you saying that there is easier way to do have
> klips without patching kernel source? I'd love to know how.
>
> You should not point KERNERLSRC to a patched kernel when
> using 'make module'. either patch the kernel
> using make kpatch OR run 'make module'. Don't do both.
>
> Paul
>
> > --- On Fri, 6/19/09, Paul Wouters <paul at xelerance.com>
> wrote:
> >
> >> From: Paul Wouters <paul at xelerance.com>
> >> Subject: Re: [Openswan Users] Openswan 2.6.X and
> KLIPS
> >> To: "Agent Smith" <news8080 at yahoo.com>
> >> Cc: users at openswan.org
> >> Date: Friday, June 19, 2009, 10:14 AM
> >> On Fri, 19 Jun 2009, Agent Smith
> >> wrote:
> >>
> >>> Is it supported? I don't see any klips patches
> for
> >> recent openswan version. I still run 2.4.14 but
> would like
> >> to upgrade to something recent.
> >>>
> >>> and I remember that was a 'talk' about NAT-T
> patch not
> >> being required in future versions of openswan, I
> wonder
> >> whats the stat. on that.
> >>
> >> It is. We have not released it as seperate
> patches
> >> recently. The 2.6
> >> kernel is a moving target and creating these
> patches that
> >> work "as many
> >> kernel sources as possible" is a manual process
> that is
> >> quite an art to
> >> do. By far the easiest is always to run 'make
> module
> >> module_install'
> >> and build klips as a module, instead of patching
> it into
> >> the kernel
> >> source. Especially now you need no more nat-t
> patch for
> >> kernewls >=
> >> 2.6.23.
> >>
> >> We're close to releasing openswan 2.6.22, but are
> looking
> >> into some
> >> KLIPS issues still, specifically a fix that seems
> to be
> >> causing
> >> other issues (bug https://bugs.xelerance.com/issues/1023)
> >>
> >> Paul
> >>
> >
> >
> >
> >
>
More information about the Users
mailing list