openswan klips and nat-t patches for openmoko added
paul at xelerance.com
Wed Feb 14 17:44:46 CET 2007
Great job on the wiki!
I built the 126.96.36.199 kernel using all the patches from quilt. Worked
like a charm. Then I tried to patch in openswan KLIPS and NAT-T support,
which also worked like a charm. After appending the two patches to
the linux-188.8.131.52/patches/series list and rerunning quilt push -a it
So hereby the request to add the following two patches to the kernel:
The NAT-T patch modifies udp.c, and therefor requires a new kernel plus
modules build. I hope this patch can be included and enabled per default,
so that people who want KLIPS don't need to recompile a stock openmoko
kernel. If the openmoko people think this is too invasive, please put
in the patch but leave CONFIG_IPSEC_NAT_TRAVERSAL unset to allow easier
building for those who do want to enable the option.
The KLIPS patch is a seperate module, and should not impact anyone who
does not want the ipsec.ko module. It can be used without the NAT-T
patch, but this does not make much sense, as phone connectivity is
very likely to be NAT'ed (especially when using GPRS in Germany :)
I am trying not to get into a NETKEY vs KLIPS discussion. Let's give
people a choice on which to use. We are hard at work to merge these
seperate patches into the mainstream kernel and move towards a
"unified stack". This work is ongoing in the openswan-3.x.x series,
which we still deem as "unstable" for now.
Once again, great job on the documentation. It took me 5 minutes to
get the openmoko kernel setup!
Building and integrating Virtual Private Networks with Openswan:
More information about the openmoko-devel