This is an old revision of the document!
Openswan in 2.6 kernel with KLIPS
see also: Networking in linux, IPSec, 26sec, Openswan
Compiling the kernel
- get linux 2.6 source
- apply KLIPS26 patch from www.openswan.org
- apply NAT-T (KLIPS) patch from www.openswan.org
configuration: When going through the options, the following changes needs to be made. All are in the networking options.
- The
PF KEY
sockets option should be either modular or unset. - The
IPSEC NAT-Traversal (KLIPS compatible)
option should be compiled in the kernel. - The Openswan IPsec
(KLIPS26)
option should be compiled in the kernel. Then enter theKLIPS
options and enable every option apart from theCryptoAPI
algorithm interface option.
for all the compiling erros see troubleshooting
.
Troubleshooting
klips26 < 2.4.6 & kernel 2.6.17.x
net/ipsec/aes/ipsec_alg_aes.c:82: error: syntax error before string constant
See: BUG
Apply this patch: http://bugs.xelerance.com/view.php?id=636, this shoud be fixed in 2.4.6 Openswan.