[Openswan Users] Switching klips to cryptoapi

Giovani Moda giovani at mrinformatica.com.br
Tue Nov 3 09:44:17 EST 2009 

As Paul requested, I'll state what I did to switch klips to kernel
cryptoapi. I've changed settings on defconfig and created a new file for
def_include. I'll attach both of them for references. This was done on
Ubuntu 9.04.

 

Download openswan-2.6.24rc1.tar.gz and extract it. Enter
openswan-2.6.24rc1 directory and:

 

cp packaging/linus/config-all.h packaging/linus/ubuntu9.h

 

Edit packaging/linus/ubuntu9.h to match the file attached. Basically,
those are the changes made:

 

define CONFIG_KLIPS_AH 0

define CONFIG_KLIPS_ENC_3DES 0

define CONFIG_KLIPS_ENC_AES 0

define CONFIG_KLIPS_ENC_CRYPTOAPI 1

 

This is important: I had to add those lines to the file or the module
would compile but fail to load:

 

#undef CONFIG_KLIPS_ENC_3DES

#undef CONFIG_KLIPS_ENC_AES

#undef CONFIG_KLIPS_AH

 

Edit linux/net/ipsec/defconfig to match the file attached. What I
changed was:

 

CONFIG_KLIPS_AH=n

CONFIG_KLIPS_ENC_3DES=n

CONFIG_KLIPS_ENC_AES=n

CONFIG_KLIPS_ENC_CRYPTOAPI=y

 

Compile and install the module with:

 

make module KERNELSRC=/lib/modules/2.6.28-15-generic/build/
MODULE_DEF_INCLUDE=/usr/src/openswan/openswan-2.6.24rc1/packaging/linus/
ubuntu9.h
MODULE_DEFCONFIG=/usr/src/openswan/openswan-2.6.24rc1/linux/net/ipsec/de
fconfig

 

make minstall KERNELSRC=/lib/modules/2.6.28-15-generic/build/
MODULE_DEF_INCLUDE=/usr/src/openswan/openswan-2.6.24rc1/packaging/linus/
ubuntu9.h
MODULE_DEFCONFIG=/usr/src/openswan/openswan-2.6.24rc1/linux/net/ipsec/de
fconfig

 

Remember to change KERNELSRC to the correct location of your kernel
headers and MODULE_DEF_INCLUDE and MODULE_DEFCONFIG to the location of
the files edited above. I'm not covering compiling the userland or
configuring ipsec.conf here, but you'll need David McCullough NAT-T
patches to get it working with l2tp/ipsec.

 

Hope it helps,

 

Giovani

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20091103/2a0ec817/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: defconfig
Type: application/octet-stream
Size: 1466 bytes
Desc: defconfig
Url : http://lists.openswan.org/pipermail/users/attachments/20091103/2a0ec817/attachment-0002.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ubuntu9.h
Type: application/octet-stream
Size: 2287 bytes
Desc: ubuntu9.h
Url : http://lists.openswan.org/pipermail/users/attachments/20091103/2a0ec817/attachment-0003.obj

More information about the Users mailing list