[Openswan Users] better kernel configuration

Felipe Alcacibar falcacibar at gmail.com
Thu Apr 21 16:10:06 EDT 2011


On 21 April 2011 13:42, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 21 Apr 2011, Felipe Alcacibar wrote:
>
>> Hi, i am trying to install openswan in a gentoo linux server, with
>> kernel 2.6.38 (and the amazing improve of this version of kernel), but
>> i don't know and i cannot find documents about how is the best
>> configuration for the kernel at this version, i want to ask about if
>> in the kernel 2.6.38 (or the lastest usable) does not uses klips
>> anymore?
>
> It ships with netkey, but you can still compile klips. Simply run:
>
> cd openswan-2.6.x
> make KERNELSRC=/lib/modules/`uname -r`/build module module_install
>
>> just netkey, and what about nat traversal, it uses too here?
>
> NAT-T is build into the kernel in a way klips and netkey can use it
> as of 2.6.22+
>
>> how patches i need to use, or i don't need patches, and what modules
>> replace the patches?.
>
> No patches if you happy with a klips module (ipsec.ko). However, you
> can still patch klips into the kernel source using "make kpatch"

When i use make kpatch, are some old headers issue with this kernel, a
replacement of linux/config.h to generated/autoconf.h.
I solved this runing the following command in the /usr/src/linux
(kernel sources root) directory:

# find ./include/openswan ./net/ipsec  -type f -iname '*.c' -o -iname
'*.h' -exec sed  -i -e 's|#include <linux/config.h>|#include
<generated/autoconf.h>|g'  '{}' \;

>
> Paul
>

Felipe


More information about the Users mailing list