Re: Freeswan and kernel 2.4.27
On Fri, 20 May 2005 21:34:11 +0200
Mirko Parthey <mirko.parthey@informatik.tu-chemnitz.de> wrote:
> On Fri, May 20, 2005 at 07:13:47AM -0500, Jacob S wrote:
> > > The Debian kernel is already patched to include a backport of the
> > > IPsec implementation from Linux 2.6. Although I havent't tried
> > > this myself, I would expect this to be the reason why you were not
> > > able to apply the freeswan patch.
> >
> > I had read that Debian kernels included a backport of IPsec from 2.6
> > and originally tried setting up freeswan without it. However, "ipsec
> > barf" reports that there is no kernel support present.
>
> You need patched freeswan userspace tools in order to use them with
> the Linux 2.6 native IPsec or its backport. According to
> /usr/share/doc/freeswan/README.Debian.gz, the patch has been included
> in the Debian freeswan package since version 2.01-2.
> You also need to install ipsec-tools:
> http://packages.debian.org/testing/net/ipsec-tools
>
> Please be aware that my experience with freeswan is a bit dated,
> all of the above is taken from the documentation or mailinglists.
I have freeswan 2.04-11.3 and ipsec-tools 0.5.2-1 - both from Sarge. I
tried upgrading to kernel-image-2.6.8-2-686 but "ipsec barf" still shows
kernel support as missing. I can't find any options for IPsec or Klips
in /boot/config-2.6.8-2-686 or /boot/config-2.4.27-1-686, either.
We tried playing with vpnc, which says it doesn't need kernel support,
but didn't have any success there, either. Documentation seemed to be a
little sparse for configuring it and the stuff I found on Google wasn't
making it work.
My boss finally gave up on it and we bought a Cisco Pix 501 router.
Thanks,
Jacob
Reply to: