[Swan] KLIPS build failure on linux 4.6.2

Paul Wouters paul at nohats.ca
Wed Aug 31 21:43:18 UTC 2016


On Wed, 13 Jul 2016, Paul Wouters wrote:

> On Wed, 13 Jul 2016, Robert Hawkins wrote:
>
>>  I'm trying to build klips against Linux 4.6.2.  However the crypto_hash
>>  API was recently removed from the stable Linux kernel series, hence KLIPS
>>  doesn't build.  (See the build log below.)  Is there a workaround or fix
>>  for this?
>
> We are not spending too much time on keeping KLIPS running on newer
> kernels. Have you tried migrating to VTI using libreswan 3.18dr3?
>
> https://libreswan.org/wiki/Route-based_VPN_using_VTI

Some more info on the change I just happened to stumble upon now:

https://patchwork.kernel.org/patch/8179691/

 	Herbert Xu - Feb. 1, 2016, 1:36 p.m.

 	This patch removes all traces of the crypto_hash interface, now
 	that everyone has switched over to shash or ahash.

See also:

https://lwn.net/Articles/313327/
https://kernel.readthedocs.io/en/sphinx-samples/crypto-API.html
http://www.chronox.de/crypto-API/index.html

It's not a trivial patch to fix this for KLIPS, so again we recommend
people switch to XFRM/NETKEY and use VTI to get ipsecX interfaces.

Paul


More information about the Swan mailing list