Note: This setup will NOT be able to handle interacting with IPSec implementations that require X.509 certificates for authentication. For that, you will need to patch your FreeS/WAN sources and figure it out for yourself... or wait until I Wiki it when I need to do it myself :)

Also note: I assume you know how to configure/compile/install kernels.

Step 1: Preparing kernel sources (not necessary if you already have them to hand)

    cd /usr/src/
    tar xjf /download/linux-2.4.20.tar.bz2
    <configure your kernel here. this is important.>
    <compile your kernel here. this is important.>

Step 2: Preparing FreeS/WAN sources

    cd /usr/src/
    tar xzf /download/freeswan-1.99.tar.gz

Step 3: Start making FreeS/WAN
Note that this step installs the IPSec binaries in /usr/local/lib/ipsec. The "ipsec" command itself is put in /usr/local/sbin. If you later find you can't find "ipsec", check your path.

    cd /usr/src/freeswan-1.99/
    make oldgo        [1]

Step 4: Rebuild the kernel

    cd /usr/src/freeswan-1.99/
    make kinstall     [2]

Step 5: Finishing touches

    <install your kernel>
    <reboot>

Congratulations! You now have an IPSec enabled kernel in the directory where your newly compiled kernel normally lives (/usr/src/linux/arch/i386/boot/bzImage for me). You are probably going to want to copy it somewhere and either restart or rerun lilo and restart, depending on your preferences.

You may now wish to go to IPSecConfiguration to find out how to actually do something useful with all this!

Or, if you're running Debian:

    apt-get install kernel-source     (or acquire the newest kernel source as you see fit)
    apt-get install kernel-patch-freeswan

    export PATCH_THE_KERNEL=YES
    cd /usr/src/kernel-source-whatever
    make-kpkg --config=menuconfig --revision=whatever kernel_image

When make-kpkg runs, if PATCH_THE_KERNEL is set to YES then it will unpatch (clean) and patch the kernel with the contents of /usr/src/kernel-patches/ that are correct for your architecture. The --config=menuconfig step is designed to let you configure all the flash new options that FreeS/WAN provides.

[1]: oldgo is the target for compiling statically against the kernel source. Alternatives are `menugo' and `xgo', which get a normal kernel config menu up. For the menus, IPSec related options are under `Networking Options'. Always save the config when you leave, whether or not you have changed anything!

[2]: kinstall is the target for installing statically against the kernel source. The alternative (for a module) is minstall. Note that this step seems to attempt to auto-install the new kernel if you are running lilo. I don't, so it didn't do anything, but beware.
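
A quick check worth running before you reboot into the new kernel, given here as an added example that is not part of the original write-up: it reads the kernel .config to see whether IPSec went in statically (oldgo/kinstall), as a module (minstall) or not at all, and looks for the "ipsec" command in your path and then in /usr/local/sbin. It assumes the FreeS/WAN kernel option appears in .config as CONFIG_IPSEC; the function names klips_mode and find_ipsec are made up for this example.

```sh
#!/bin/sh
# Added example: sanity checks after building a FreeS/WAN-patched kernel.
# Assumption: the KLIPS kernel option is written to .config as CONFIG_IPSEC.

# klips_mode CONFIG_FILE
# Prints "static", "module" or "absent" (or "unreadable" if the file
# cannot be read). Returns non-zero unless IPSec is enabled.
klips_mode() {
    cfg=$1
    [ -r "$cfg" ] || { echo unreadable; return 2; }
    # Match only the top-level option, not CONFIG_IPSEC_ESP and friends,
    # and not the "# CONFIG_IPSEC is not set" comment line.
    case $(grep -E '^CONFIG_IPSEC=' "$cfg" | tail -n 1) in
        CONFIG_IPSEC=y) echo static ;;
        CONFIG_IPSEC=m) echo module ;;
        *)              echo absent; return 1 ;;
    esac
}

# find_ipsec [FALLBACK_DIR]
# Prints the location of the ipsec command. Searches PATH first, then
# FALLBACK_DIR (default /usr/local/sbin, where Step 3 installs it).
find_ipsec() {
    dir=${1:-/usr/local/sbin}
    found=$(command -v ipsec 2>/dev/null) && { echo "$found"; return 0; }
    if [ -x "$dir/ipsec" ]; then
        echo "$dir/ipsec"
        echo "note: $dir is not in your PATH" >&2
        return 0
    fi
    return 1
}

# When run as a script:  sh check-ipsec.sh /usr/src/linux/.config
if [ -n "${1:-}" ]; then
    echo "IPSec in kernel config: $(klips_mode "$1")"
    find_ipsec || echo "ipsec command not found"
fi
```

If this reports "absent" after make oldgo, the usual cause is a config that was not saved on the way out of the menu.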

