Hello Cpu,
I think the fix to support cryptoapi is rather simple, it's just broken in
the openswan sources (patch).
If you change the following line in the kernel's linux/net/ipsec/Config.in
from:
bool ' IPsec Modular Extensions' CONFIG_KLIPS_ALG
if [ "$CONFIG_KLIPS_ALG" != "n" ]; then
Hi Cpu,
In makefile.inc
But a much better fix will be to enable cryptoapi in the kernel config and
rebuild openswan against it. Only the standard openswan patch doesn't
contain that option and I have to make a patch against it.
Eric
> Hmmm... Where/how do you set USE_EXTRACRYPTO?
> -cpu
>
>
> E
Hmmm... Where/how do you set USE_EXTRACRYPTO?
-cpu
Eric Spakman wrote:
> Hi Cpu,
>
>> Eric,
>>
>>
>> Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
>> instead of Juanjo's crypto algorithms. But there is no real info on how
to
>>
> The cryptoapi stuff is optional and the ot
Hi Cpu,
> Eric,
>
>
> Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
> instead of Juanjo's crypto algorithms. But there is no real info on how to
>
The cryptoapi stuff is optional and the other ciphers are internal to pluto:
LIBDESSRCDIR=${OPENSWANSRCDIR}/linux/crypto/ciph
Eric,
Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
instead of Juanjo's crypto algorithms. But there is no real info on how to
go from 1.x to 2.x. After getting stuck on SHA2_256 I gave up. Also, on
1.0.9 I made some modifications to ./pluto/kernel.c to allow for multip
Hello Cpu,
A pity 2.4.4 is not working ok for you. You are the first reporting a
problem with it.
I looked through various documents and it seems like all those ciphers are
supported but probably internal.
Does the _startklips fix still suports plain ethx interfaces?
Eric
> Hi Eric,
>
>
> I'm
Hi Eric,
I'm not using openswan 2.4.4, I'm using 1.0.9. But I did look at the newer
_startklips and the line is the same. To me, this suggests it's making the
same assumptions about the interface. My guess is that it will work.
original 2.4.4
/usr/lib/ipsec/_startklips:
eval `ip addr show $phy
Hello Cpu,
Does the same fix applies to our current openswan-2.4.4?
Eric
> Hello,
>
>
> In addition to specifying a label I couldn't get openswan to work with
> secondary IPs unless I changed this line in _startklips:
>
> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>
> to:
>
>
> e
Hello,
In addition to specifying a label I couldn't get openswan to work with
secondary IPs unless I changed this line in _startklips:
eval `ip addr show $phys primary | grep inet | sed -n 1p |
to:
eval `ip addr show ${phys%%:*} label $phys | grep inet | sed -n 1p
-cpu
Charles Steinkuehler w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sandro Doro wrote:
> Hi,
>
> I am testing Bering 2.3.1 with a multiple IP interface as:
>
> # ip addr show eth0
> 5: eth0: mtu 1500 qdisc pfifo_fast qlen
> 1000
> link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff
> inet 82.46.148.130/24
Hi,
I am testing Bering 2.3.1 with a multiple IP interface as:
# ip addr show eth0
5: eth0: mtu 1500 qdisc pfifo_fast qlen
1000
link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff
inet 82.46.148.130/24 brd 82.46.148.255 scope global eth0
inet 82.46.148.128/24 scope global secondary
11 matches
Mail list logo
