Johannes,
Many thanks for your reply along with Martin's, and many thanks for builing the rpm. I have downloaded the rpm you have built, but, I have not yet started any testing. Please see my previous email addressed to Martin. Regards, -Deepak -----Original Message----- From: jr [mailto:[email protected]] Sent: Tuesday, November 10, 2009 6:05 AM To: Gupta, Deepak (Deepak) Cc: '[email protected]' Subject: Re: [strongSwan] Strongswan support for RHEL5 My spec successfully compiled on koji for the dist-5E-epel release tag, so it should work on RHEL/CentOS. However, i haven't given the subpackages-spec much testing yet, but you could help me greatly by doing so. (I've just rebuild it in koji for your convenience, you can find the RPMs at http://koji.fedoraproject.org/koji/taskinfo?taskID=1798129 please note that those rpms are for testing purposes only yet). about the bug in the kernel, it has been fixed in 2.6.18-164 (actually a little earlier, but those kernels weren't released to the public). iow, since late 5.3 those issues were fixed. regards, Johannes Am Dienstag, den 10.11.2009, 10:48 +0100 schrieb Martin Willi: > Hi, > > > Ipsec v3 (RFC's 4301 and 4303) > > The Linux kernel does not completely support the new IPsec standards. > It currently does not support Extended Sequence Numbers or Traffic > Selector ranges (only complete subnets). > > > IKEv2 > > OCSP (over http) for CRL's and CA management Automatic Keying > > Ike=aes128-sha2_256-modp2048 > > This is supported by strongSwan. > > > Esp=aes128-sha2_256 > > The Linux kernel uses an incorrect truncation scheme for ESP packets > with SHA256. You might try to use the patch available at [1] to use > the correct 96-bit truncation. > > > 1. Does strongswan support RHEL5.2 (x86_64 64 bit)? > > It should. There was a bug in earlier RHELs, where querying SAs in the > kernel immediately deletes them. I don't know if this is still correct > for 5.2, but you'll see SAs disappearing when running "ipsec statusall". > > > 2. Are there are any known issues for this version of this OS for the > > IPsec params mentioned above? > > As mentioned. > > > 3. Where can I find rpms for RHEL5? > > There are no official RPMs for RHEL. There is currently a discussion > about spec files on this list, you might want to try one of these. > > Regards > Martin > > [1]http://kerneltrap.org/mailarchive/linux-kernel/2008/6/5/2039114 > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
