Both RHEL3 ES and AS have the 26sec(NETKEY) ipsec stack kernel modules included.
The 26sec or NETKEY is the IPSEC stack for 2.6 kernels, but RedHat have backported it to the RHEL3 kernel.
As such, you *don't* need to patch your kernel with KLIPS.
NATTraversal is also included in the RHEL3 kernel.
The Openswan team writes: "RHEL3 is the worst choice for a kernel for IPsec related matters." http://lists.openswan.org/pipermail/users/2005-April/004382.html
You also need to have the ipsec-tools rpm installed (the ones that comes with RHEL3.)
Only install the userland tools:
cp -pr /usr/src/redhat ${HOME}/rpm
echo "%_topdir ${HOME}/rpm" >${HOME}/.rpmmacros
rpmbuild -tb openswan-2.x.y.tar.gz
sudo rpm -i rpm/RPMS/i386/openswan-2.x.y-1.i386.rpm
sudo rpm -i rpm/RPMS/i386/openswan-doc-2.x.y-1.i386.rpm
Or you could perform a manual build:
tar -xzvf openswan-2.x.y.tar.gz cd openswan-2.x.y make programs sudo make install
Or, get the RPM from http://www.openswan.org/download/binaries/ (out of date) and install that instead.
Or, you can also compile the latest openswan for RHEL3 like this:
rpmbuild -ta --clean --target=i686 openswan-2.4.5.tar.gz
And install the compilled rpm with:
rpm -ivh /usr/src/redhat/RPMS/i686/openswan-2.4.5-*.rpm
More info about RHEL3 and IPSEC and Openswan here:
http://www.linux.org.py/wiki/doku.php/howto/openswan_ipsec_rhel3
