Hi: Here is a preliminary patch against FreeSwan 2.00 to make the userspace part of it work with the new Linux 2.5 IPsec stack. Please note that this is a work in progress so don't be surprised if things don't work. In particular, this version requires a patch to Linux <= 2.5.69 which is included below. I've been informed this patch will be incorporated into future versions of Linux. What still remains to be done is support for shunt routes and as a result, Opportunistic Encryption. It also needs to be changed to work with the algorithms patch. Since I only use whack to communicate with pluto, the shell scripts are as yet untested. Please let me know if there are problems there. Here is the URL to the patch: http://gondor.apana.org.au/~herbert/freeswan/freeswan-linux-ipsec.patch.gz Please let me know if it breaks KLIPS in anyway as the goal is to have one binary which works with both KLIPS and the Linux IPsec stack. Cheers, -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Index: include/linux/pfkeyv2.h =================================================================== RCS file: /home/gondolin/herbert/src/CVS/debian/kernel-source-2.5/include/linux/pfkeyv2.h,v retrieving revision 1.1.1.5 diff -u -r1.1.1.5 pfkeyv2.h --- include/linux/pfkeyv2.h 7 Apr 2003 17:32:27 -0000 1.1.1.5 +++ include/linux/pfkeyv2.h 11 May 2003 05:11:28 -0000 @@ -275,8 +275,8 @@ /* Encryption algorithms */ #define SADB_EALG_NONE 0 -#define SADB_EALG_DESCBC 1 -#define SADB_EALG_3DESCBC 2 +#define SADB_EALG_DESCBC 2 +#define SADB_EALG_3DESCBC 3 #define SADB_X_EALG_CASTCBC 6 #define SADB_X_EALG_BLOWFISHCBC 7 #define SADB_EALG_NULL 11
