[Openswan Users] build openswan 2.6.26 rpm with klips kernel module

Michael H. Warfield mhw at WittsEnd.com
Thu May 27 20:57:33 EDT 2010


On Thu, 2010-05-27 at 17:05 -0700, Steve Zeng wrote: 
> Does anybody have a spec file available to build openswan-2.6.26 rpm with klips kernel module on redhat/Centos/Fedora?
> 
> I tried to run "make KERNELSRC=/lib/modules/`uname -r`/build module minstall" but get the following errors:
> 
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c: In function ‘ipsec_tunnel_hard_header’:
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1072: error: implicit declaration of function ‘ip_hdr’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1072: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1072: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1072: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1072: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1072: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1072: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1098: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1098: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1098: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1098: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1098: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1098: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c: In function ‘ipsec_tunnel_rebuild_header’:
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1174: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1174: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1174: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1174: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1174: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1174: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1193: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1193: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1193: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1193: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1193: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1193: error: invalid type argument of ‘->’
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c: In function ‘ipsec_tunnel_cache_update’:
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1327: warning: passing argument 1 of ‘netdev_priv’ discards qualifiers from pointer target type
> /usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.c:1376: warning: passing argument 3 of ‘prv->header_cache_update’ discards qualifiers from pointer target type
> make[3]: *** [/usr/src/redhat/BUILD/openswan-2.6.26/modobj26/ipsec_tunnel.o] Error 1
> make[2]: *** [_module_/usr/src/redhat/BUILD/openswan-2.6.26/modobj26] Error 2
> make[2]: Leaving directory `/usr/src/kernels/2.6.18-53.el5-i686'
> make[1]: *** [module26] Error 2
> make[1]: Leaving directory `/usr/src/redhat/BUILD/openswan-2.6.26'
> make: *** [module] Error 2

> Thanks in advance. 

Oh man...  Here there be dragons...

Seriously...

If you are going to go the rpm route (as I have) you may as well bite
the bullet and go with netkey.  Otherwise, you're going to have an
openswan rpm that depends on kernel version and you'll have to have both
versions incorporated into the versioning of the rpm and it's just going
to be a morass of dependencies and sooner or later you're going to get yum
and those dependencies with their shorts in a knot.

If you want klips, then you really need to do an independent klips kmod
rpm or seriously look into dkms or build klips as part of the install
process for the OpenSWAN vpn (ala VMware or VirtualBox or a host of
others).  Just forget about building an object binary for a kernel
module and including it in the application rpm.

Once you're comfortable with really working with policies and addresses
(instead of routes) I really don't see any advantage at all to klips.
The whole ipsec interface thing really just obfuscates the fact that
ipsec is fundamentally a policy vpn as opposed to a routed vpn (like
OpenVPN).  Once I had my connections worked out and any firewall rules
set up based on the same address policies, everything worked and I've
never looked back at klips since.

> Steve 

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
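
The quoted build stops at "implicit declaration of function ‘ip_hdr’", which means the compiler saw no declaration of ip_hdr() while building against the tree passed as KERNELSRC. A pre-build check for that follows as an added example (not from the thread or from Openswan); the function names are hypothetical, and it assumes the declaration, when present, is in include/linux/ip.h under that tree.

```shell
#!/bin/sh
# Added example: check a kernel build tree for an ip_hdr() declaration
# before attempting "make KERNELSRC=... module".
# Assumption: the declaration, when present, is in include/linux/ip.h.

# Returns 0 if ip_hdr() is declared, 1 if it is not,
# 2 if the header cannot be read (wrong KERNELSRC, headers not installed).
kernel_declares_ip_hdr() {
    hdr="$1/include/linux/ip.h"
    [ -r "$hdr" ] || return 2
    # Match ip_hdr( as a whole identifier, not e.g. foo_ip_hdr(.
    grep -Eq '(^|[^A-Za-z0-9_])ip_hdr[[:space:]]*\(' "$hdr"
}

# Prints a one-line verdict for a kernel tree; same return codes as above.
check_klips_prereq() {
    ksrc="$1"
    rc=0
    kernel_declares_ip_hdr "$ksrc" || rc=$?
    case $rc in
        0) echo "ok: $ksrc declares ip_hdr()" ;;
        1) echo "fail: $ksrc has no ip_hdr() declaration" ;;
        *) echo "error: $ksrc/include/linux/ip.h not readable" ;;
    esac
    return $rc
}

# Constructed sample trees (not real kernel headers) for trying the check
# offline: one declares ip_hdr(), one does not. Prints the base directory.
make_sample_trees() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/with/include/linux" "$base/without/include/linux"
    printf '%s\n' \
        'static inline struct iphdr *ip_hdr(const struct sk_buff *skb);' \
        > "$base/with/include/linux/ip.h"
    printf '%s\n' 'struct iphdr { unsigned char ttl; };' \
        > "$base/without/include/linux/ip.h"
    echo "$base"
}

# Usage against the running kernel's build tree:
#   check_klips_prereq "/lib/modules/$(uname -r)/build"
```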