I'm attempting a VPN client setup that requires a newer version of
Openswan than is packaged for OpenWrt 0.9.  Want to connect
a WRT54GS v2.1 as a VPN client to a Cisco firewall using XAUTH.
Works ok with Cisco VPN Client on the Windows box, but would
prefer to have Linky handle the tunnel.

Is there any chance that this can be done for either White Russian or
Kamikaze in the relatively near future?

I've appended the relevant changelog entries, per Paul Wouters
in the Openswan dev mailing list.  Also his final comments from
our exchange on the Openswan developer mailing list.

BTW White Russian is astoundingly excellent.  Impressive quality
and packaging.  Love the mini_fo overlay of jffs2 on top of the
squashfs.  Can barely tell the difference between ipkg and yum.

Thanks,

David

v2.4.8
* Fix for Aggressive Mode and NAT-T port floating, based on RedHat patch [paul]
* Fix for Aggressive Mode and NAT-T (#491) by Delta Yeh
* bugtracker bugs fixed:
  #git c2e23a6e16a55632d618740518d419f3fad3323d: AggressiveMode with nhelpers=0
                                                 fix from Marin Hincks

v2.4.7
* bugtracker bugs fixed:
  #474 ASSERTION FAILED at spdb_struct.c:1233: trans->attr_cnt > == 4"



Date: Tue, 27 Mar 2007 07:59:40 +0200 (CEST)
From: Paul Wouters <paul@xelerance.com>
To: David Lawless <lawless@spamcop.net>
cc: users@openswan.org, dev@openswan.org
Subject: Re: [Openswan dev] trying to configure XAUTH as  replacement for working Cisco VPN Client

On Mon, 26 Mar 2007, David Lawless wrote:

> Thank you for your reply.
>
> Have no control over the Cisco server side, so can't
> switch to L2TP.
>
> It seems probable I want to be the xauth client.  Would
> it help to attempt to be the server?  The other end is
> a hardware Cisco VPN firewall.

Ohh. I completely misunderstood you. I thought you were trying to
connect a laptop to your home router.

> I can look into building the latest Openswan version for OpenWrt
> on a MIPS CPU, but it could be a lot of work.  Perhaps could
> convince the OpenWrt developers to try it or pull a release from
> their current development build.  Is this the best approach?

That would be best. The only pending issues for openswan 2.4.8, why
it is still rc1, has to do with 2.6.19+ kernels, while openwrt for
the linksys at least, uses a 2.4 kernel.

If you are convincing them of things, having them switch from l2tpd 0.69
to xl2tpd 1.1.09 would also be a good thing :)

Paul