Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- isakmpd on kernel 2.4.x
May 10, 2006, 9:13 am
rate this thread
There appears to be a dearth of documentation on configuring
an isakmpd-based vpn on linux 2.4.x; I would appreciate pointers
to available resources.
1. I have built a 2.4.27 kernel with modules for twofish, blowfish,
sha256, crypto_null, sha1, md5, aes, des, ipcomp, xfrm_user, ah4,
ip_gre and esp4; all of them load except ip_gre and esp4 which
fail with unresolved symbols:
ip_gre: nf_hooks, nf_hook_slow
esp4: skb_cow_data, skb_to_sgvec, pskb_put
2. With the above modules loaded, there are no additional
interfaces created (I would expect names like 'enc' tun' , etc)
3. There do not appear to be any ipsec related variables
in 'sysctl -a'
4. Is the utility 'setkey' needed to configure SAs, etc. on this kernel
(one would think isakmpd would handle this)?
5. Is a packet filter package required and if so which one?
My experience is on OpenBSD running 'pf' and 'isakmpd'; I will need to
configure the linux 2.4.x machine to be an ipsec client to the
OpenBSD box (X.509-ESP-AES-SHA).
Kernel 2.6 is not an option, 2.4 is required for other modules.
All replies much appreciated.
Re: isakmpd on kernel 2.4.x
That is, except GRE tunnels module and ESP (IPsec) module. Great. How
would you like it to work now, without ESP? Or maybe AH with
authentication only is enough for you?
Additional interfaces turn up with KLIPS, not with PF_KEY.
Dunno. I'm using Openswan with their KLIPS IPsec implementation.
Feel free to correct my English
- » Security of Linux crypt files compared to PGPdisk?
- — Next thread in » Linux Security
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security