Re: [2.6.21-git2] sk_buff changes break Cisco VPN client

From: Alessandro Suardi
Date: Sun Apr 29 2007 - 03:15:29 EST


On 4/29/07, David Miller <davem@xxxxxxxxxxxxx> wrote:
From: Roland Dreier <rdreier@xxxxxxxxx>
Date: Sat, 28 Apr 2007 14:05:27 -0700

> However I can suggest vpnc (http://www.unix-ag.uni-kl.de/~massar/vpnc/)
> as an alternative. I'm not forced to use Cisco VPN access any more,
> but when I tried it, vpnc was tons better than the Cisco product.

Also, and I know this might be a COMPLETE SHOCK to some people, but we
do have a full in-kernel IPSEC stack and using it with openswan to
connect to VPNs works perfectly fine.

I use it every day.

It's quite amusing that people use a userland IPSEC implementation
via VPNC, in spite of this.


Have a look here

https://lists.dulug.duke.edu/pipermail/dulug/2007-March/010792.html

where someone seems to be in my same boat. No, openswan/IPSEC
does not work in all configurations with Cisco VPN concentrators -
and by Murphy's law, I'm in the non-working configuration.

Hope this clarifies the reason I asked. And if anyone out there
is in doubt about it, I absolutely hate having to rebuild an out
of kernel module every time I build a kernel, crossing fingers
it doesn't break (again). I would use *anything* else.

--alessandro

"Did you get married but forgot to get divorced ?"

(Danny and Dusty, 'The Good Old Days')
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/