AW: [Voyage-linux] Question regarding OpenSWAN, FreeSWAN, or racoon

Hofer, Hermann (spam-protected)
Mon Apr 24 17:50:48 HKT 2006 

Hi Punky,

you only need to apply openswan-2.4.5.kernel-2.6-natt.patch and check the new NAT-T option in networking. Also you need the OpenSwan module: ipsec.ko.
openswan-2.4.5.kernel-2.6-klips.patch is for integrating OpenSwan into the kernel which I would not recommend.

In the openswan-2.4.5 source there is a debian directory - I belive this is for debian packaging but I have no knowledge about this.

If you make a new kernel for voyage with openswan included I can test it, but please wait a moment. We also use voyage with a miniPCI ISDN-Card and if you will also integrate this modules I will send you the needed kernel options later.


Thanks
 Hermann

---
AHS Netzwerktechnik GmbH

-----Ursprüngliche Nachricht-----
Von: Kim-man "Punky" TSE [mailto:punkytse at punknix.com] 
Gesendet: Montag, 24. April 2006 11:02
An: Hofer, Hermann
Cc: voyage-linux at voyage.hk
Betreff: Re: AW: [Voyage-linux] Question regarding OpenSWAN, FreeSWAN, or racoon

Hi Hermann,

Can I just apply openswan-2.4.5.kernel-2.6-natt.patch.gz and 
openswan-2.4.5.kernel-2.6-klips.patch.gz to support N-NAT and KLIPS?

For openswan-2.4.5, if there is not too much problem in package 
dependency, I have the environment to backport it. 

Thanks,
Punky

Hofer, Hermann wrote:
> Hello,
>
> we are using OpenVPN and OpenSwan with voyage 0.2. We don't like the included IPSEC-Support in Kernel 2.6 because of the extra interfaces OpenSwan provides for easier firewalling.
>
> For OpenVPN we use the normal package Debian provides, nothing spezial is needed (we use it for bridging). For OpenSwan we patch the voyage kernel-source with the actual openswan-2.4.5 (older versions doesn't support an 2.6.15 kernel), disable internal ipsec support and compile the OpenSwan programs. At the moment I am looking into making a debain package, but time is small.
>
> If there are any questions feel free and ask.
>
>
> Mit freundlichen Grüßen
>  Hermann Hofer
>
> ---
> AHS Netzwerktechnik GmbH
>
> -----Ursprüngliche Nachricht-----
> Von: voyage-linux-bounces+h.hofer=ahsnet.de at list.voyage.hk [mailto:voyage-linux-bounces+h.hofer=ahsnet.de at list.voyage.hk] Im Auftrag von Kim-man "Punky" TSE
> Gesendet: Montag, 24. April 2006 03:24
> An: jdb at beetelecom.net; voyage-linux at voyage.hk
> Betreff: Re: [Voyage-linux] Question regarding OpenSWAN, FreeSWAN, or racoon
>
> Hi John,
>
> I did not tested the openswan in voyage, but I have already enabled some 
> kernel modules to support OpenSWAN.  I heard that 2.6 kernel (or only in 
> debian favour) have included IPSEC support. 
>
> If I were wrong, then let me know how to get it supported, I am willing 
> to include any patches in the kernel by request. 
>
> I think there are some users using openvpn . If anyone has experience in 
> using VPN in voyage, please share your experience as well. 
>
> Punky
>
> John D. Bickle wrote:
>   
>> Hi Everyone.
>>
>> I've been using pebble for a while, and want to make the move to voyage
>> (good work, everyone!)
>>
>> However, i have a question about what you think would be the best VPN
>> strategy.
>>
>> Using pebble, what i did was download the debian packages for freeswan and
>> i ported that to pebble by recompiling a custom kernel with the necessary
>> modules. I'd prefer not to do that again, if i can avoid it.
>>
>> Also FreeSWAN, to the best of my knowledge, is no longer supported. What
>> do you think would be the best strategy for having good VPN software for
>> voyage? should i use OpenSWAN, or perhaps a combination of a custom kernel
>> and use racoon for key exchange? Does anyone have any plans for putting a
>> standard IPSEC package in voyage?
>>
>> any advice or help you can give me with this would be very much appreciated.
>>
>> cheers,
>> john.
>>
>>
>> _______________________________________________
>> Voyage-linux mailing list
>> Voyage-linux at list.voyage.hk
>> http://list.voyage.hk/mailman/listinfo/voyage-linux
>>   
>>     
>
>
>   


-- 
Regards,
Punky
P U N K N ! X  . c o m
Technology + Lifestyle
(http://www.punknix.com)

Voyage Linux
(http://www.voyage.hk/software/voyage.html)

More information about the Voyage-linux mailing list