These notes apply to Openswan 2.3.0


1.   Aggressive Mode support is included.  You enable it by:

	aggrmode=yes|no

	Default is no

2.  Mode Config support is included.  This is most useful when you are a 
client to something like a Cisco VPN concentrator.  See contrib/cisco for
a handy tool to convert Cisco .pcf files to Openswan ipsec.conf and 
ipsec.secrets entries.  A sample config below:

conn cisco-client
        ike=3des-md5-modp1024
        aggrmode=yes
        authby=secret
        left=%defaultroute
        leftmodecfgclient=yes
        leftxauthclient=yes
        leftid= GROUPID, prefixed with @  (eg: @xelerance)
        right= IP of Cisco Concentrator
        rightxauthserver=yes
        rightmodecfgserver=yes
        modecfgpull=yes
	pfs=no
        auto=add


You can then 'ipsec whack --name cisco-client --initiate' to start it.  
You will be prompted for your username and password.

We will be adding a single function version of whack that will be 
setuid to let you do this easier in a future release.


3. KLIPS for kernel 2.6 support.

This version will build in most situations on the 2.6 kernel.
There will be warnings, and in some cases it will fail. The essential
instructions are:
	     1) export KERNELSRC=your built kernel sources.
		Defaults to /usr/src/linux-2.6
	     2) export MOD26BUILDDIR=some place to put stuff
		Defaults to modobj26.
             3) "make module26"

So for instance we can do:
       export KERNELSRC=/corp/network/elros/kernel2.6 
       export MOD26BUILDDIR=/corp/network/elros/mod26 
       make module26

This will result in a file:

   =========================================================

   KLIPS26 module built successfully. 
   ipsec.ko is in /corp/network/elros/mod26/modobj26

   -rw-r--r--  1 mcr mcr 403544 Sep 21 18:13 ipsec.ko
      text    data     bss     dec     hex filename
    304788   10328    5852  320968   4e5c8 ipsec.ko

This file should be installed in /lib/modules, using
     make m26install

Please note that it creates a ".ko" file.

If using User-Mode-Linux, please set "KERNVER=26" in the umlsetup.sh,
and see the example in testing/utils/umlsetup-sample.sh.


