Differences

This shows you the differences between two versions of the page.

openswan:klips26 [2006/07/25 15:29]
a created
openswan:klips26 [2009/12/08 00:49] (current)
a
Line 1: Line 1:
 ====== Openswan in 2.6 kernel with KLIPS ====== ====== Openswan in 2.6 kernel with KLIPS ======
 +
 +see also: [[:linux:networking|Networking in linux]], [[:ipsec|IPSec]], [[:openswan:26sec]], [[:openswan|Openswan]]
  
 ===== Compiling the kernel ===== ===== Compiling the kernel =====
  
 +  * get linux 2.6 source
 +  * apply KLIPS26 patch from www.openswan.org
 +  * apply NAT-T (KLIPS) patch from www.openswan.org
 +
 +**configuration:** When going through the options, the following changes needs to be made. All are in the networking options.
 +
 +   - The **''PF KEY''** sockets option should be __either modular or unset__.
 +   - The **''IPSEC NAT-Traversal (KLIPS compatible)''** option should be compiled in the kernel.
 +   - The Openswan IPsec **''(KLIPS26)''** option should __be compiled in the kernel__. Then enter the ''KLIPS'' options and enable every option apart from the ''CryptoAPI'' algorithm interface option.
 +
 +**for all the compiling erros see ''troubleshooting''**.
 +
 +===== Compile KLIPS modules only (new way) =====
 +
 +Download OpenSwan latest&greates (2.6.22 for instance) source
 +   dpkg-build -b
 +   dpkg -i *.deb
 +   install kernel-headers
 +   /usr/src/modules/openswan/# make KERNELSRC=/usr/src/linux-headers-2.6.26-2-686/ module minstall programs install
 +   depmod -a
 +
 +''**ipsec.conf**''
 +<code>
 +config setup
 +             ......
 + # which IPsec stack to use. netkey,klips,mast,auto or none
 + protostack=klips
 +</code>
 +
 +To verify if everthing works .. 
 +<code>
 +root@rt:/usr/src/modules/openswan# ipsec verify
 +Checking your system to see if IPsec got installed and started correctly:
 +Version check and ipsec on-path                              [OK]
 +Linux Openswan 2.6.22 (klips)
 +Checking for IPsec support in kernel                        [OK]
 +KLIPS detected, checking for NAT Traversal support          [OK]
 +Checking for RSA private key (/etc/ipsec.secrets)            [OK]
 +Checking that pluto is running                              [OK]
 +Two or more interfaces found, checking IP forwarding        [OK]
 +Checking NAT and MASQUERADEing                              [OK]
 +Checking for 'ip' command                                    [OK]
 +Checking for 'iptables' command                              [OK]
 +Opportunistic Encryption Support                            [DISABLED]
 +</code>
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
 +
 ==== klips26 < 2.4.6 & kernel 2.6.17.x ==== ==== klips26 < 2.4.6 & kernel 2.6.17.x ====
  
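Review bot: In the "Compile KLIPS modules only (new way)" block the steps mix shell commands with prose, so they cannot be followed as typed: `dpkg-build -b` is not a standard Debian tool name (was `dpkg-buildpackage -b` meant?), `install kernel-headers` is an instruction rather than a command, and the `make` line begins with the directory prompt `/usr/src/modules/openswan/#`. Suggest wrapping the steps in a `<code>` block like the `ipsec verify` output, spelling out the header package step, and noting that the `KERNELSRC` path `linux-headers-2.6.26-2-686` has to match the kernel the module is built for. In the kernel section, the bullets say to apply patches "from www.openswan.org" and to enable every KLIPS option apart from the CryptoAPI algorithm interface, but name neither the patch files nor the reason for the exception; one sentence on each would help. Typos to fix: "changes needs to be made", "erros", "latest&greates", "everthing".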
Line 11: Line 59:
 See: [[http://bugs.xelerance.com/view.php?id=647|BUG]] See: [[http://bugs.xelerance.com/view.php?id=647|BUG]]
  
-**Apply this patch:** [[http://bugs.xelerance.com/view.php?id=636]] +**Apply {{openswan:openswan-2.4.5-linux-2.6.17.patch|this}} patch:** [[http://bugs.xelerance.com/view.php?id=636]], this shoud be fixed in 2.4.6 Openswan.
- +
- +
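Review bot: The added clause "this shoud be fixed in 2.4.6 Openswan" has a typo ("shoud") and is hedged; if the fix is confirmed in 2.4.6, say so plainly and tell readers on 2.4.6 or later to skip the patch, which matches the section heading "klips26 < 2.4.6". The line now points at both the attached `openswan-2.4.5-linux-2.6.17.patch` and bug 636, while the context line above cites bug 647, so state which report the attached file was taken from and, as the file name suggests, that it targets Openswan 2.4.5 on kernel 2.6.17.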
openswan/klips26.1153834181.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International