On Fri, 20 May 2005 21:34:11 +0200 Mirko Parthey <[EMAIL PROTECTED]> wrote:
> On Fri, May 20, 2005 at 07:13:47AM -0500, Jacob S wrote: > > > The Debian kernel is already patched to include a backport of the > > > IPsec implementation from Linux 2.6. Although I havent't tried > > > this myself, I would expect this to be the reason why you were not > > > able to apply the freeswan patch. > > > > I had read that Debian kernels included a backport of IPsec from 2.6 > > and originally tried setting up freeswan without it. However, "ipsec > > barf" reports that there is no kernel support present. > > You need patched freeswan userspace tools in order to use them with > the Linux 2.6 native IPsec or its backport. According to > /usr/share/doc/freeswan/README.Debian.gz, the patch has been included > in the Debian freeswan package since version 2.01-2. > You also need to install ipsec-tools: > http://packages.debian.org/testing/net/ipsec-tools > > Please be aware that my experience with freeswan is a bit dated, > all of the above is taken from the documentation or mailinglists. I have freeswan 2.04-11.3 and ipsec-tools 0.5.2-1 - both from Sarge. I tried upgrading to kernel-image-2.6.8-2-686 but "ipsec barf" still shows kernel support as missing. I can't find any options for IPsec or Klips in /boot/config-2.6.8-2-686 or /boot/config-2.4.27-1-686, either. We tried playing with vpnc, which says it doesn't need kernel support, but didn't have any success there, either. Documentation seemed to be a little sparse for configuring it and the stuff I found on Google wasn't making it work. My boss finally gave up on it and we bought a Cisco Pix 501 router. Thanks, Jacob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
