AW: [Voyage-linux] Question regarding OpenSWAN, FreeSWAN, or racoon

Kim-man "Punky" TSE (spam-protected)
Mon Apr 24 18:40:14 HKT 2006 

Hi Hermann,

Yes, let me know what option for ISDN-card to enable in the kernel 
config so that I can include it in voyage kernel.

Thank you for sharing your experience to build ipsec module.  Otherwise, 
I would will patch the kernel instead of building external module.

- Punky

Hofer, Hermann wrote:

> Hi Punky,
>
> you only need to apply openswan-2.4.5.kernel-2.6-natt.patch and check the new NAT-T option in networking. Also you need the OpenSwan module: ipsec.ko.
> openswan-2.4.5.kernel-2.6-klips.patch is for integrating OpenSwan into the kernel which I would not recommend.
>
> In the openswan-2.4.5 source there is a debian directory - I belive this is for debian packaging but I have no knowledge about this.
>
> If you make a new kernel for voyage with openswan included I can test it, but please wait a moment. We also use voyage with a miniPCI ISDN-Card and if you will also integrate this modules I will send you the needed kernel options later.
>
>
> Thanks
>  Hermann
>
> ---
> AHS Netzwerktechnik GmbH
>
> -----Ursprüngliche Nachricht-----
> Von: Kim-man "Punky" TSE [mailto:punkytse at punknix.com] 
> Gesendet: Montag, 24. April 2006 11:02
> An: Hofer, Hermann
> Cc: voyage-linux at voyage.hk
> Betreff: Re: AW: [Voyage-linux] Question regarding OpenSWAN, FreeSWAN, or racoon
>
> Hi Hermann,
>
> Can I just apply openswan-2.4.5.kernel-2.6-natt.patch.gz and 
> openswan-2.4.5.kernel-2.6-klips.patch.gz to support N-NAT and KLIPS?
>
> For openswan-2.4.5, if there is not too much problem in package 
> dependency, I have the environment to backport it. 
>
> Thanks,
> Punky
>
> Hofer, Hermann wrote:
>   
>> Hello,
>>
>> we are using OpenVPN and OpenSwan with voyage 0.2. We don't like the included IPSEC-Support in Kernel 2.6 because of the extra interfaces OpenSwan provides for easier firewalling.
>>
>> For OpenVPN we use the normal package Debian provides, nothing spezial is needed (we use it for bridging). For OpenSwan we patch the voyage kernel-source with the actual openswan-2.4.5 (older versions doesn't support an 2.6.15 kernel), disable internal ipsec support and compile the OpenSwan programs. At the moment I am looking into making a debain package, but time is small.
>>
>> If there are any questions feel free and ask.
>>
>>
>> Mit freundlichen Grüßen
>>  Hermann Hofer
>>
>> ---
>> AHS Netzwerktechnik GmbH
>>
>> -----Ursprüngliche Nachricht-----
>> Von: voyage-linux-bounces+h.hofer=ahsnet.de at list.voyage.hk [mailto:voyage-linux-bounces+h.hofer=ahsnet.de at list.voyage.hk] Im Auftrag von Kim-man "Punky" TSE
>> Gesendet: Montag, 24. April 2006 03:24
>> An: jdb at beetelecom.net; voyage-linux at voyage.hk
>> Betreff: Re: [Voyage-linux] Question regarding OpenSWAN, FreeSWAN, or racoon
>>
>> Hi John,
>>
>> I did not tested the openswan in voyage, but I have already enabled some 
>> kernel modules to support OpenSWAN.  I heard that 2.6 kernel (or only in 
>> debian favour) have included IPSEC support. 
>>
>> If I were wrong, then let me know how to get it supported, I am willing 
>> to include any patches in the kernel by request. 
>>
>> I think there are some users using openvpn . If anyone has experience in 
>> using VPN in voyage, please share your experience as well. 
>>
>> Punky
>>
>> John D. Bickle wrote:
>>   
>>     
>>> Hi Everyone.
>>>
>>> I've been using pebble for a while, and want to make the move to voyage
>>> (good work, everyone!)
>>>
>>> However, i have a question about what you think would be the best VPN
>>> strategy.
>>>
>>> Using pebble, what i did was download the debian packages for freeswan and
>>> i ported that to pebble by recompiling a custom kernel with the necessary
>>> modules. I'd prefer not to do that again, if i can avoid it.
>>>
>>> Also FreeSWAN, to the best of my knowledge, is no longer supported. What
>>> do you think would be the best strategy for having good VPN software for
>>> voyage? should i use OpenSWAN, or perhaps a combination of a custom kernel
>>> and use racoon for key exchange? Does anyone have any plans for putting a
>>> standard IPSEC package in voyage?
>>>
>>> any advice or help you can give me with this would be very much appreciated.
>>>
>>> cheers,
>>> john.
>>>
>>>
>>> _______________________________________________
>>> Voyage-linux mailing list
>>> Voyage-linux at list.voyage.hk
>>> http://list.voyage.hk/mailman/listinfo/voyage-linux
>>>   
>>>     
>>>       
>>   
>>     
>
>
>   


-- 
Regards,
Punky
P U N K N ! X  . c o m
Technology + Lifestyle
(http://www.punknix.com)

Voyage Linux
(http://www.voyage.hk/software/voyage.html)

More information about the Voyage-linux mailing list