[Openswan Users] saref patch

Giovani Moda giovani at mrinformatica.com.br
Wed Nov 25 14:13:31 EST 2009

> This might be the few chunks of missing code in the patch as generated
from "make klipsng".
> You can see these chunks in the

Actually it only happens when I port those chunks from
patches/kernel/ to the patch generated by
"make klipsng", so they are not missing, but complaining about a missing
reference to the code I inserted on the patch.

> There is a known limitation at this point. You will have to build
KLIPS inline,
> and not as a module.

I've been told (by you actually), and klips patch is indeed applied.
Setting CONFIG_KLIPS=m or CONFIG_KLIPS=y on .config makes no difference.

> I recently noticd that define too. It is not set anywhere. In my
tests, I just #define'd it.
> I don't have a full fix yet, but I've uploaded my work against 2.6.23
that I partially did last
> week to ftp://ftp.openswan.org/openswan/development/saref-2.6.23.patch

Yes, I can see from your patch that you defined it at ipsec_param.h. My
hunch is that is the key to solve my problem also. I also noticed that
you have merged old-style NAT-T patch in it. I thought that was not
necessary anymore for kernel-2.6.23>. Is that a requirement for saref?

> Hope that might help you a little further. Note that openswan.git
still has some problems with
> KLIPS that need to be addressed. But this patched kernel properly
talked to xl2tpd and conveyed
> the fact that SAref's were supported. But as soon as an SA comes up,
we see a kernel panic, which
> I think is due to non-SAref issues right now.

I'm sure it will help me a lot. I'm also aware of those problems on
openswan.git. I'm just trying to get a base for developing my servers so
it can support new openswan versions and (hopefully) saref when your
(hard) work is done. And that work I must leave to you guys, since,
unfortunately, I'm nowhere near qualified to help you out. All I can do
is test anything you need on different scenarios, as I have the
structure to do so.

I'll test your patch on my environment and report back to you. Let me
know if you need me for something.

Thanks again Paul.


__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4636 (20091125) __________

The message was checked by ESET NOD32 Antivirus.


More information about the Users mailing list