see also: Networking in linux, IPSec, 26sec, Openswan
configuration: When going through the options, the following changes need to be made. All are in the networking options.
PF KEY sockets option should be either modular or unset.
IPSEC NAT-Traversal (KLIPS compatible) option should be compiled in the kernel.
(KLIPS26) option should be compiled in the kernel. Then enter the KLIPS options and enable every option apart from the CryptoAPI algorithm interface option.
For all compile errors, see troubleshooting.
Download the latest Openswan source (2.6.22, for instance).
dpkg-buildpackage -b
dpkg -i *.deb
Install kernel-headers.
/usr/src/modules/openswan/# make KERNELSRC=/usr/src/linux-headers-2.6.26-2-686/ module minstall programs install
depmod -a
ipsec.conf
config setup
    ......
    # which IPsec stack to use. netkey,klips,mast,auto or none
    protostack=klips
To verify that everything works:
root@rt:/usr/src/modules/openswan# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             [OK]
Linux Openswan 2.6.22 (klips)
Checking for IPsec support in kernel                        [OK]
KLIPS detected, checking for NAT Traversal support          [OK]
Checking for RSA private key (/etc/ipsec.secrets)           [OK]
Checking that pluto is running                              [OK]
Two or more interfaces found, checking IP forwarding        [OK]
Checking NAT and MASQUERADEing                              [OK]
Checking for 'ip' command                                   [OK]
Checking for 'iptables' command                             [OK]
Opportunistic Encryption Support                            [DISABLED]
net/ipsec/aes/ipsec_alg_aes.c:82: error: syntax error before string constant
See: BUG
Apply this patch: http://bugs.xelerance.com/view.php?id=636. This should be fixed in Openswan 2.4.6.