Re: [strongSwan] IPv4 only and minimal kernel modules
Hi, 1) upgrade to kernel 2.6.29 and apply patch [1] from above, to the linux kernel. No, 2.6.29 already contains the patch. 2) stick with kernel 2.6.28 and apply the disable-iaf-tunnels patch to charon, (this patch will brake v6/v4 mixed operation) Yes, then no kernel patch is required. 3) Apply the patch [1] to your 2.6.28 kernel. No userland patch required. Regards Martin ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IPv4 only and minimal kernel modules
Martin Willi wrote: It seems that if I remove all of the Ipv6 modules the IPsec doesn't work Make sure to have at least a 2.6.29 kernel, apply the kernel patch [1] or use the workaround patch for strongSwan (attached, breaks mixed v4/v6 tunnels). Regards Martin [1]http://kerneltrap.org/mailarchive/linux-netdev/2008/11/25/4231304 I am using kernel 2.6.28. If I understand well, my options are: 1) upgrade to kernel 2.6.29 and apply patch [1] from above, to the linux kernel. 2) stick with kernel 2.6.28 and apply the disable-iaf-tunnels patch to charon, (this patch will brake v6/v4 mixed operation) Can you confirm that this is correct and complete? I plan to stick with 2.6.28 because changing kernel would require a lot of discussions and testing. Regards, Dimitrios Siganos ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] IPv4 only and minimal kernel modules
Hi, The webpage http://wiki.strongswan.org/wiki/1/KernelModules states that the following kernel modules are required for strongswan operation: Networking --- Networking options --- Transformation user configuration interface PF_KEY sockets TCP/IP networking IP: advanced router IP: policy routing IP: AH transformation IP: ESP transformation IP: IPComp transformation IP: IPsec transport mode IP: IPsec tunnel mode IP: IPsec BEET mode (experimental) The IPv6 protocol IPv6: AH transformation IPv6: ESP transformation IPv6: IPComp transformation IPv6: IPsec transport mode IPv6: IPsec tunnel mode IPv6: IPsec BEET mode IPv6: Multiple Routing Tables Network packet filtering framework (Netfilter) --- Core Netfilter Configuration IPsec policy match support Cryptographic API Select algorithms you want to use... If we only want Ipv4 support, can this required kernel modules list be shortened? It seems that I I remove all of the Ipv6 modules the IPsec doesn't work so there is some dependency. Can you tell what it is? Regards, Dimitrios Siganos ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users