openswan klips and nat-t patches for openmoko added

Paul Wouters paul at xelerance.com
Wed Feb 14 17:44:46 CET 2007


Hi guys,

Great job on the wiki!

I built the 2.6.17.7 kernel using all the patches from quilt. Worked
like a charm. Then I tried to patch in openswan KLIPS and NAT-T support,
which also worked like a charm. After appending the two patches to
the linux-2.6.17.7/patches/series list and rerunning quilt push -a it
patched fine.

So hereby the request to add the following two patches to the kernel:

ftp://ftp.openswan.org/openswan/openswan-2.4.7.kernel-2.6-klips.patch.gz
ftp://ftp.openswan.org/openswan/openswan-2.4.7.kernel-2.6-natt.patch.gz

The NAT-T patch modifies udp.c, and therefore requires a new kernel plus
modules build.  I hope this patch can be included and enabled by default,
so that people who want KLIPS don't need to recompile a stock openmoko
kernel. If the openmoko people think this is too invasive, please put
in the patch but leave CONFIG_IPSEC_NAT_TRAVERSAL unset to allow easier
building for those who do want to enable the option.

The KLIPS patch is a separate module, and should not impact anyone who
does not want the ipsec.ko module. It can be used without the NAT-T
patch, but this does not make much sense, as phone connectivity is
very likely to be NAT'ed (especially when using GPRS in Germany :)

I am trying not to get into a NETKEY vs KLIPS discussion. Let's give
people a choice on which to use. We are hard at work to merge these
separate patches into the mainstream kernel and move towards a
"unified stack". This work is ongoing in the openswan-3.x.x series,
which we still deem as "unstable" for now.

Once again, great job on the documentation. It took me 5 minutes to
get the openmoko kernel set up!

Cheers!

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


