OpenSWAN
=========
 To use the CESA through OpenSWAN, one patch must be applied to OpenSWAN.

 download openswan-2.6.24 (http://www.openswan.org/), then untar+unzip it.
 apply the patch:

 - mv_openswan_2_6_24.patch - 
	change default configs to remove DEBUG and to include OCF.
	Fixes:
		- fix icmp_send failure caused by IFF_XMIT_DST_RELEASE flag set on the net dev.
		- fix rmmod BUG by removing duplicated free_netdev call.
		- include patch from openswan git that makes sure we have the skb->dst in place before we call
		  ip_select_ident, otherwise we get the kernel warning: "rt_bind_peer(0) .. "

and compile:

 + ipsec module (cross compilation) :
  'make KERNELSRC=<path to this release, after config> module ARCH=arm CC=<path_to_cross_compile> LD=<path_to_cross_loader> HAVE_OCF=1'
  then copy the module to the host FS: /lib/modules/<kernel_name>/kernel/net/ipsec/

 + ipsec user (native) :
  make sure that you have the kernel source on the FS.
  'make KERNELSRC=<path to this release, after config> programs'
  'make install'


IPSec routing using encryption/authentication only

  basic vpn connection:
  +++++++++++++++++++++
 - platform: connected with egiga.
 - make sure you have 'ip' (part of the iproute package) installed.
 - edit /etc/ipsec.conf (on both sides), see "man ipsec.conf":

config setup
        interfaces="ipsec0=eth0"    # Virtual/physical interfaces
        klipsdebug="none"             # Debug KLIPS
        plutodebug="none"             # Debug PLUTO

conn dove_psk_vpn
    type=tunnel                    # type of the connection: tunnel(default),passthrough,transport,reject,drop
    authby=secret
    left=192.168.1.1
    leftsubnet=192.168.1.0/16
    right=192.168.0.1              # Remote information
    rightsubnet=192.168.0.0/16
    auto=start                     # start this connection at startup


 - edit /etc/ipsec.secrets (on both sides) to hold the shared secret:
192.168.1.1 192.168.0.1 : PSK "123456"

 - side1: 'ifconfig eth0 192.168.0.1 netmask 255.255.0.0'
 - side2: 'ifconfig eth0 192.168.1.1 netmask 255.255.0.0'
 - check connectivity: ping from side1 to 192.168.1.1
 - '/etc/init.d/ipsec start' (on both sides); this creates the new interface ipsec0.
 - check connectivity: ping from side1 to 192.168.1.1 --> VPN is working (make sure by sniffing)
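
 One way to do the "make sure by sniffing" check, as an added example that is not part of this release:
 the helper name check_capture and the sample capture lines are constructed for illustration, and the
 input is assumed to be 'tcpdump -n' text output taken on eth0.

```shell
#!/bin/sh
# Added example (not part of the release): confirm from a capture that traffic
# between the two VPN endpoints leaves the wire as ESP, not cleartext ICMP.
# Live use, capturing on the physical interface (eth0), not on ipsec0:
#   tcpdump -n -i eth0 -c 20 host 192.168.1.1 | check_capture 192.168.0.1 192.168.1.1

# check_capture A B: reads `tcpdump -n` text on stdin, prints the counts and
# returns 0 only if ESP was seen between A and B and no cleartext ICMP echo.
check_capture() {
    awk -v a="$1" -v b="$2" '
        # ignore anything that is not an IP packet between the two endpoints
        index($0, "IP " a " > " b ":") == 0 &&
        index($0, "IP " b " > " a ":") == 0 { next }
        / ESP\(spi=/   { esp++; next }     # encrypted payload (IP protocol 50)
        /: ICMP echo / { clear++ }         # ping visible in the clear
        END {
            printf "esp=%d cleartext_icmp=%d\n", esp, clear
            exit (esp > 0 && clear == 0) ? 0 : 1
        }'
}

# Constructed capture: tunnel up, only ESP between the peers.
sample_tunnel_up() {
    cat <<'EOF'
12:00:00.100000 ARP, Request who-has 192.168.1.1 tell 192.168.0.1, length 28
12:00:01.100000 IP 192.168.0.1 > 192.168.1.1: ESP(spi=0x1a2b3c4d,seq=0x1), length 132
12:00:01.100900 IP 192.168.1.1 > 192.168.0.1: ESP(spi=0x5e6f7a8b,seq=0x1), length 132
EOF
}

# Constructed capture: pings still cross the wire unencrypted.
sample_leaking() {
    cat <<'EOF'
12:00:01.100000 IP 192.168.0.1 > 192.168.1.1: ICMP echo request, id 7, seq 1, length 64
12:00:01.100700 IP 192.168.1.1 > 192.168.0.1: ICMP echo reply, id 7, seq 1, length 64
12:00:02.100000 IP 192.168.0.1 > 192.168.1.1: ESP(spi=0x1a2b3c4d,seq=0x1), length 132
EOF
}

sample_tunnel_up | check_capture 192.168.0.1 192.168.1.1
sample_leaking | check_capture 192.168.0.1 192.168.1.1 || echo "cleartext ICMP seen"
```

 A successful ping alone does not show the tunnel is in use; the capture on eth0 does.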

