Hi Fernando, On Sun, Aug 17, 2003 at 11:53:47PM -0400, Fernando Valderrama wrote: > The latest Suse Security Bulletin (SuSE-SA:2003:034) Brings in a > source code where apparently the freeswan is dropped out from the > kernel config menu. The /usr/src/linux/net Config.in makes reference > to net/key instead of net/ipsec, therefore breaking freeswan. When I > changed the net/key to net/ipsec, the compilation of superfreeswan > 1.99.5.1 errors out with: > > ipsec4.c:316: `IPSEC_MODE_TRANSPORT' undeclared (first use in this > function) make[4]: *** [ipsec4.o] Error 1 > > If anyone familiar with Suse and superfreeswan knows about this,
SuSE has cleaned up and subsequently merged the USAGI patches to get decent IPv6 support (to meet the CGL specification). The USAGI patches include a kernel implementation to support IPsec (and IPsecv6). Thus you don't need to compile KLIPS any more. Olaf Kirch has done most of the hard work. Unfortunately the pfkey interface is poorly standardized and the one from USAGI is quite different from what KLIPS does (which is different from what kernel 2.6 does). I'm afraid, you won't be able to compile a standard FreeS/WAN or SuperFreeS/WAN on a USAGI kernel. There are also patches to FreeS/WAN to make it work with the USAGI kernel interface. I have FreeS/WAN packages on my webpage http://www.suse.de/~garloff/linux/FreeSWAN/ for USAGI and non-USAGI SuSE kernels. Unfortunately, the USAGI packages do not have all the SuperFreeS/WAN features (the non USAGI ones do have all the important things). If you want to build a USAGI SuperFreeS/WAN, it's probably a good idea to start with my source RPMs, where I have split and cleaned up the USAGI patches to pluto. I would appreciate if you let me know about your progress. Good luck, -- Kurt Garloff <[EMAIL PROTECTED]> [Koeln, DE] Physics:Plasma modeling <[EMAIL PROTECTED]> [TU Eindhoven, NL] Linux:SCSI, Security <[EMAIL PROTECTED]> [SuSE Nuernberg, DE]
pgp00000.pgp
Description: PGP signature
