Make Strongswan start on a b3

[kurt2000]

Hi

I'm really disappointed to see that excito still not have included 2 small modules in your kernel-module packages.

Every time there is a new kernel i have to grab the source and compile the modules.

What a waste.

please take a look : http://wiki.excito.org/wiki/index.php/M ... rt_on_a_b3

Wkr.

[Joric17]

Yes, idem for Ecryptfs!

See also: http://wiki.excito.org/wiki/index.php/U ... _on_the_B3

Thanks,

Eric

[kurt2000]

Hi

I would like to hear if there is any reason why not to include theese 3 modules.

The funny thing is that they have enabled ipsec in the kernel. But not the 2 required modules.

wkr.

[johannes]

Afik there is no reason that we didn't include them other than that it has been forgotten. It's now in our bug tracker and will be included in 2.4 if it doesn't cause any conflicts or other problems (together with nfs4 and iotop).

[Gordon]

FWIW I found the Netkey stack too unstable anyway and turned to Klips, which I also find easier to manage because it adds an ipsec0 interface. Yes you still need the kernel source, but since building the Klips module doesn't require to build all the other kernel related stuff as well you're done a lot quicker.

And there's a bonus: using iproute2 I can set the IP from br0 as the source address on traffic that should pass through the ipsec0 interface. This tiny tweak allows me to also access resources, such as the Samba shares, on the B3. AFAIK there's no way to accomplish this with Netkey.