isakmpd on kernel 2.4.x

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

There appears to be a dearth of documentation on configuring
an isakmpd-based vpn on linux 2.4.x; I would appreciate pointers
to available resources.

Basic questions:

1. I have built a 2.4.27 kernel with modules for twofish, blowfish,
   sha256, crypto_null, sha1, md5, aes, des, ipcomp, xfrm_user, ah4,
   ip_gre and esp4; all of them load except ip_gre and esp4 which
   fail with unresolved symbols:
   ip_gre: nf_hooks, nf_hook_slow
   esp4: skb_cow_data, skb_to_sgvec, pskb_put

2. With the above modules loaded, there are no additional
   interfaces created (I would expect names like 'enc' tun' , etc)

3. There do not appear to be any ipsec related variables
    in 'sysctl -a'

4. Is the utility 'setkey' needed to configure SAs, etc. on this kernel
    (one would think isakmpd would handle this)?

5. Is a packet filter package required and if so which one?

My experience is on OpenBSD running 'pf' and 'isakmpd'; I will need to
configure the linux 2.4.x machine to be an ipsec client to the
OpenBSD box (X.509-ESP-AES-SHA).

Kernel 2.6 is not an option, 2.4 is required for other modules.

All replies much appreciated.

Michael Grigoni
Cybertheque Museum

Re: isakmpd on kernel 2.4.x

Quoted text here. Click to load it

That is, except GRE tunnels module and ESP (IPsec) module. Great. How
would you like it to work now, without ESP? Or maybe AH with
authentication only is enough for you?

Quoted text here. Click to load it

Additional interfaces turn up with KLIPS, not with PF_KEY.

Quoted text here. Click to load it

Dunno. I'm using Openswan with their KLIPS IPsec implementation.

Feel free to correct my English
Stanislaw Klekot

Re: isakmpd on kernel 2.4.x

msg wrote:

Quoted text here. Click to load it

Apparently an unreported bug: the kernel must be built with
CONFIG_MODVERSIONS not set; the above symbols are in
the kernel (seen with 'ksysms') but are suffixed with versioning.

All modules load correctly now.


Site Timeline