OpenSWAN
=========
 In order to explore the Orion CESA through the OpenSWAN, 2 patches should be applied to the OpenSWAN.

 download openswan-2.4.2 (http://www.openswan.org/), then untar+unzip it.
 apply the patches (in the following order):

 - openswan-2.4.2.diff - a patch from OCF to include the OCF support into the IPsec DP.
 - mv_openswan.diff -
                add support for tasklet usage
                fix bug in AH mode
                remove KLIPS debug (for performance enhancment: check packaging/linus/config-all.h )
                remove NAT-T support (packaging/linus/config-all.h )
                add OCF support by default. (packaging/linus/config-all.h packaging/makefiles/module.defs)
		use OCF in user space.

 and compile:

 + ipsec module (cross compilation) :
  'make KERNELSRC=<path to this release, after config> module ARCH=arm'
  (if compilation fails, try to run the same command again, this is a problem in the makefile scripts)
  then copy the module to the host FS: /lib/modules/2.6.12-arm1/kernel/net/ipsec/

 + ipsec user (native) :
  make sure that you have the kernel source on the FS.
  'make KERNELSRC=<path to this release, after config> programs'
  'make install'

  basic vpn connection:
  +++++++++++++++++++++
 - platform: orion to orion conncted with egiga.
 - make sure you have 'ip' (part of the iproute package) installed.
 - edit /etc/ipsec.conf (on both orion FS) ,check the "man ipsec.conf" :

config setup
        interfaces="ipsec0=egiga0"    # Virtual/physical interfaces
        klipsdebug="none"             # Debug KLIPS
        plutodebug="none"             # Debug PLUTO

conn orion_psk_vpn
    type=tunnel                    # type of the connection: tunnel(default),passthrough,transport,reject,drop
    authby=secret
    left=192.168.1.1
    leftsubnet=192.168.1.0/16
    right=192.168.0.1              # Remote information
    rightsubnet=192.168.0.0/16
    auto=start                     # start this connection at startup


 - edit /etc/ipsec.secrets (on both orion FS) to have shared secret.
192.168.1.1 192.168.0.1 : PSK "123456"

 - orion1: 'ifconfig egiga0 192.168.0.1 netmask 255.255.0.0'
 - orion2: 'ifconfig egiga0 192.168.1.1 netmask 255.255.0.0'
 - check connectivity: ping from orion1 to 192.168.1.1
 - '/etc/init.d/ipsec start' (on both orion), create new interface ipsec0.
 - check connectivity: ping from orion1 to 192.168.1.1 --> VPN is working (make sure by sniffing)

