(usagi-users 00604) Re: IPsec config

[Kazunori Miyazawa <Kazunori_Miyazawa@xxxxxxxxxxxxxx>]

Hello

On Tue, 26 Jun 2001 11:04:48 +0200 (CEST)
<6bone@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Hello,
> 
> Where can I get some information about configuration IPsec ?
> Exists the a program like setkey in bsd ?
> 

We use FreeS/WAN's userland command to set SAs and policies.
You can get those code from
http://www.freeswan.org/ .

!!! Notice !!! 
You must not install FreeS/WAN's kernel code.
Current our codes confilicts with FreeS/WAN's kernel code.
Don't "make ***go".

Minimum information
1. get FreeS/WAN's code( We use version 1.9 )
2. unpack it with "tar"
3. cd $any/freeswan*
4. make programs
5. make install then FreeS/WAN's commands are installed under /usr/local/lib/ipsec
6. remove "*ipsec" under /etc/rc.d/ or /etc/rc?.d/ and /etc/ipsec.conf /etc/ipsec.secrets

We set sa with "ipsec spi --af inet6 ....." and 
set policy with "ipsec eroute --add --eraf inet6 .....".
Please see FreeS/WAN's document.

However we don't recommend to use the branch.
Please wait for merging IPSEC branch into USAGI MAIN TRANK.

> Documentation/Configure.help says I sould read README.USAGI-IPSEC, but it
> do not exists in my source tree.
> 
> Thank you for your efforts
> Uwe
> 
I'm sorry. Now we are writing it.

> 
> PS: If I try to compile the IPsec kernel, the makefile in linux24/net/ipv6
> expected the file utils.o It do not exists.
> 
I think you have never do "make prepare".
Please see "usagi/doc/INSTALL.USAGI".

> On Mon, 25 Jun 2001, Yuji Sekiya wrote:
> 
> > Sorry, we can't include our IPsec stack in the snapshots.
> > We are now syncing our IPsec stack into the latest linux kernel.
> >
> > If you strongly want to try our IPsec stack, you can get it by anoncvs.
> >
> > 	cvs -d :pserver:anoncvs@xxxxxxxxxxxxxxxxxxxxxx:/cvsroot/usagi checkout \
> > 	-rb20010622-IPSEC usagi
> 
> 

--Kazunori Miyazawa