--first let my apologize for my delayed reply, i'm currently out of town and
my access is limited to the late evenings.
I could indeed be wrong in reference to the bering specifics. I assumed
however that it followed the same basics of the dachstein installations.
come to think of it, there are some differences that you may need to
reference. under a dachstein installation, you needed and ipsec enabled
kernel, where as under bering, the ipsec.o module might solve that part of
the equation. in that case you would need the stock bering kernel, then
load the ipsec.o module (as part of modules.conf) and then load the
ipsec.lrp for bering. try that and let me know your results. upon
returning to houston i am thinking about upgrading to a bering installation
for testing purposes, i'll have to keep this very topic in my mind as i
change over...
good luck
joey
----- Original Message -----
From: Erich Titl <[EMAIL PROTECTED]>
To: Joey Officer <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, November 14, 2002 2:29 AM
Subject: Re: ipsec.o missing in ipsec.lrp
Hi Joey, I moved this over to leaf-user
Thanks for the info. I was just wondering why KLIPS (aparently the ipsec
beast) would be reported missing unless I had ipsec.o loaded into the
kernel. I must confess that my ipsec.conf rules are far from completed, so
this may come into play.
Funny enough, in the Bering user guide setup description there is a note to
install ipsec.o. I was just assuming that a 'package' contained all parts
needed to run it, but possibly the size of 160K rules this out.
At 00:36 14.11.2002, Joey Officer wrote:
>if you are referring to the ipsec.o module that should be in /lib/modules,
>the reason that it is not included is because it is not needed for the
ipsec
>to work. ipsec.lrp and ipsec.o are two seperate beasts altogether.
ipsec.o
>is used for passing through ipsec requests (to an internal IPSec machine),
>whereas ipsec.lrp is the package to implement an IPSec server on the
gateway
>itself. And you do NOT need ipsec.o to make an ipsec connection work.
Why then the following in _startklips
# load module if necessary
if test ! -f $ipsecversion
then
if test -r $modules # kernel does have modules
#<Bering>
then
# setmodule
# unset MODPATH MODULECONF # no user overrides!
# depmod -a >/dev/null 2>&1 && modprobe ipsec
test -r /lib/modules/ipsec.o && insmod /lib/modules/ipsec.o
#</Bering>
fi
if test ! -f $ipsecversion
then
echo "kernel appears to lack KLIPS"
exit 1
fi
fi
Erich
THINK
P�ntenstrasse 39
8143 Stallikon
mailto:erich.titl@;think.ch
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
