The kernel modifications for HIP are available in the vanilla Linux kernel 2.6.27 and above. With older kernel versions, it is possible to use the userspace IPsec in HIPL. If you want to optimize performance for an older kernel version, you can patch and compile the kernel. The drawback of patching your kernel is that it requires some expertise and possibly installing, for example, some wireless firmware images manually. The HIPL website has some prebuilt images, but you may still have to install some firmware images manually. If you are unsure, you can try the userspace IPsec as described later in this manual.
If you haven't configured a Linux kernel before, please use the userspace IPsec instead (as described later in this document), or at least consult linux/README.
Download Linux kernel 2.6.x.y. Compile the kernel with at least the following options:
Networking support --->
  Networking options --->
    Packet socket (CONFIG_PACKET)
    Unix domain sockets (CONFIG_UNIX)
    Transformation user configuration interface (CONFIG_XFRM_USER)
    PF_KEY sockets (CONFIG_NET_KEY)
    TCP/IP networking (CONFIG_INET)
    IP: Advanced router (CONFIG_IP_ADVANCED_ROUTER)
    IP: policy routing (CONFIG_IP_MULTIPLE_TABLES)
    IP: tunneling (CONFIG_NET_IPIP)
    IP: AH transformation (CONFIG_INET_AH)
    IP: ESP transform (CONFIG_INET_ESP)
    IP: IPComp transformation (CONFIG_INET_IPCOMP)
    IP: IPsec transport mode (CONFIG_INET_XFRM_MODE_TRANSPORT)
    IP: IPsec tunnel mode (CONFIG_INET_XFRM_MODE_TUNNEL)
    IP: IPsec BEET mode (CONFIG_INET_XFRM_MODE_BEET)
    The IPv6 Protocol (CONFIG_IPV6) --->
      IPv6: AH transformation (CONFIG_INET6_AH)
      IPv6: ESP transformation (CONFIG_INET6_ESP)
      IPv6: IPcomp transformation (CONFIG_INET6_IPCOMP)
      IPv6: IPsec transport mode (CONFIG_INET6_XFRM_MODE_TRANSPORT)
      IPv6: IPsec tunnel mode (CONFIG_INET6_XFRM_MODE_TUNNEL)
      IPv6: IPsec BEET mode (CONFIG_INET6_XFRM_MODE_BEET)
      IPv6: IP-in-IPv6 tunnel (CONFIG_IPV6_TUNNEL)
      IPv6: Multiple Routing Tables (CONFIG_IPV6_MULTIPLE_TABLES)
    Network packet filtering framework (Netfilter) (CONFIG_NETFILTER) --->
      Advanced netfilter configuration (CONFIG_NETFILTER_ADVANCED)
      Core Netfilter Configuration --->
        Netfilter NFQUEUE over NFNETLINK interface (CONFIG_NETFILTER_NETLINK_QUEUE)
        Netfilter Xtables support (required for ip_tables) (CONFIG_NETFILTER_XTABLES) --->
          "multiport" Multiple port match support (CONFIG_NETFILTER_XT_MATCH_MULTIPORT)
      IP: Netfilter Configuration --->
        IP Userspace queueing via NETLINK (OBSOLETE) (CONFIG_IP_NF_QUEUE)
        IP tables support (required for filtering/masq/NAT) (CONFIG_IP_NF_IPTABLES)
        Packet filtering (CONFIG_IP_NF_FILTER)
      IPv6: Netfilter Configuration --->
        IP6 Userspace queueing via NETLINK (OBSOLETE) (CONFIG_IP6_NF_QUEUE)
        IP6 tables support (required for filtering/masq/NAT) (CONFIG_IP6_NF_IPTABLES)
        Packet filtering (CONFIG_IP6_NF_FILTER)
Device Drivers --->
  Network device support (CONFIG_NETDEVICES) --->
    Dummy network device support (CONFIG_DUMMY)
Security options --->
  Enable different security models (CONFIG_SECURITY)
  Default Linux Capabilities (CONFIG_SECURITY_CAPABILITIES)
Cryptographic API (CONFIG_CRYPTO) --->
  Null algorithms (CONFIG_CRYPTO_NULL)
  SHA1 digest algorithm (CONFIG_CRYPTO_SHA1)
  AES cipher algorithms (CONFIG_CRYPTO_AES)
  DES and Triple DES EDE cipher algorithms (CONFIG_CRYPTO_DES)
  AES cipher algorithms (i586) (CONFIG_CRYPTO_AES_586)
The hipd probes the necessary kernel modules automatically.
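A way to check an existing kernel config against the option list above before relying on kernel IPsec, given here as an added example that is not part of the HIPL manual or its tools. The script name check_hip_config.sh and the function name are hypothetical; it assumes a 2.6.x-era config in which the listed symbols exist.

```shell
#!/bin/sh
# Added example: list the kernel options from the section above that a given
# kernel config leaves unset (neither =y nor =m).
# Usage: sh check_hip_config.sh /boot/config-<version>   (or /proc/config.gz)

# Symbols copied from the option list above. CONFIG_CRYPTO_AES_586 is left
# out because it only exists on 32-bit x86. The "multiport" match is checked
# under its Kconfig name, CONFIG_NETFILTER_XT_MATCH_MULTIPORT.
HIP_KERNEL_OPTS="
PACKET UNIX XFRM_USER NET_KEY INET IP_ADVANCED_ROUTER IP_MULTIPLE_TABLES
NET_IPIP INET_AH INET_ESP INET_IPCOMP INET_XFRM_MODE_TRANSPORT
INET_XFRM_MODE_TUNNEL INET_XFRM_MODE_BEET IPV6 INET6_AH INET6_ESP
INET6_IPCOMP INET6_XFRM_MODE_TRANSPORT INET6_XFRM_MODE_TUNNEL
INET6_XFRM_MODE_BEET IPV6_TUNNEL IPV6_MULTIPLE_TABLES NETFILTER
NETFILTER_ADVANCED NETFILTER_NETLINK_QUEUE NETFILTER_XTABLES
NETFILTER_XT_MATCH_MULTIPORT IP_NF_QUEUE IP_NF_IPTABLES IP_NF_FILTER
IP6_NF_QUEUE IP6_NF_IPTABLES IP6_NF_FILTER NETDEVICES DUMMY SECURITY
SECURITY_CAPABILITIES CRYPTO CRYPTO_NULL CRYPTO_SHA1 CRYPTO_AES CRYPTO_DES
"

# Print one missing CONFIG_ symbol per line.
# Returns 0 if nothing is missing, 1 if something is, 2 if unreadable.
missing_hip_opts() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    case "$cfg" in
        *.gz) text=$(gzip -dc "$cfg") || return 2 ;;
        *)    text=$(cat "$cfg") ;;
    esac
    rc=0
    for opt in $HIP_KERNEL_OPTS; do
        # "# CONFIG_X is not set" and absent lines both count as missing.
        if ! printf '%s\n' "$text" | grep -Eq "^CONFIG_${opt}=(y|m)\$"; then
            echo "CONFIG_${opt}"
            rc=1
        fi
    done
    return $rc
}

if [ $# -gt 0 ]; then
    missing_hip_opts "$1"
fi
```

If the BEET mode symbols show up as missing, the kernel cannot carry HIP traffic with its own IPsec and the userspace IPsec is the fallback.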