openswan klips and nat-t patches for openmoko added
Paul Wouters
paul at xelerance.com
Wed Feb 14 17:44:46 CET 2007
Hi guys,

Great job on the wiki!

I built the 2.6.17.7 kernel using all the patches from quilt. Worked
like a charm. Then I tried to patch in openswan KLIPS and NAT-T support,
which also worked like a charm. After appending the two patches to
the linux-2.6.17.7/patches/series list and rerunning quilt push -a it
patched fine.

So hereby the request to add the following two patches to the kernel:

ftp://ftp.openswan.org/openswan/openswan-2.4.7.kernel-2.6-klips.patch.gz
ftp://ftp.openswan.org/openswan/openswan-2.4.7.kernel-2.6-natt.patch.gz

The NAT-T patch modifies udp.c, and therefore requires a new kernel plus
modules build. I hope this patch can be included and enabled per default,
so that people who want KLIPS don't need to recompile a stock openmoko
kernel. If the openmoko people think this is too invasive, please put
in the patch but leave CONFIG_IPSEC_NAT_TRAVERSAL unset to allow easier
building for those who do want to enable the option.

The KLIPS patch is a separate module, and should not impact anyone who
does not want the ipsec.ko module. It can be used without the NAT-T
patch, but this does not make much sense, as phone connectivity is
very likely to be NAT'ed (especially when using GPRS in Germany :)

I am trying not to get into a NETKEY vs KLIPS discussion. Let's give
people a choice on which to use. We are hard at work to merge these
separate patches into the mainstream kernel and move towards a
"unified stack". This work is ongoing in the openswan-3.x.x series,
which we still deem as "unstable" for now.

Once again, great job on the documentation. It took me 5 minutes to
get the openmoko kernel set up!

Cheers!

Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155