Differences between version 17 and previous revision of IPSecInstallation.
Newer page: | version 17 | Last edited on Friday, October 3, 2003 4:40:21 pm | by CraigBox |
Older page: | version 16 | Last edited on Friday, October 3, 2003 4:32:56 pm | by CraigBox |
@@ -5,10 +5,8 @@
* FreeS/WAN kernel patches
* The FreeS/WAN UserSpace tools
* [X509] patches [1]
-* A recent FreeS/WAN archive (the FreeS/WAN homepage recommends typing: ncftpget ftp://ftp.xs4all.nl/pub/crypto/freeswan/freeswan-\*).
-* Some patience!
----
!!Kernel preparation
!Vanilla Kernel/FreeS/WAN from source
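Review bot: The removed archive bullet was the only visible item in this list that told the reader where to get the FreeS/WAN source, and the "Vanilla Kernel/FreeS/WAN from source" section that follows still depends on having it. Rather than deleting the line outright, keep one pointer to the download location; since the removed hint fetched over plain ftp with a wildcard, the replacement should also tell readers to verify what they downloaded before building kernel patches from it. Dropping "Some patience!" is fine.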
@@ -30,9 +28,9 @@
make oldgo
'oldgo' is the target for compiling statically against the kernel source. Alternatives are 'menugo' and `xgo' to get a normal kernel config menu up respectively. For the menus, IPSec related options are under 'Networking Options'. Always save the config when you leave, whether or not you have changed anything!
-Now, install
your kernel and reboot
.
+You now have a newly compiled kernel in wherever
your kernel normally lives (/usr/src/linux/arch/i386/boot/bzImage for me). You are probably going to want to copy it somewhere
and either restart or rerun lilo and restart, depending on your preferences
.
!Debian
Note: if you want to do all the cool new things like OpportunisticEncryption, you should be using FreeS/WAN 2.01+. If you're running [Debian] [Stable], you can get the a [backport|BackPorts] from [backports.org's FreeS/WAN directory|http://www.backports.org/debian/dists/woody/freeswan/], by adding the following line to /etc/apt/sources.list:
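Review bot: The replacement paragraph no longer states the install step as an instruction: "copy it somewhere" names no destination, and "either restart or rerun lilo and restart" does not say which case applies. The old text at least said "install your kernel and reboot". Suggest spelling out the sequence (copy bzImage to where the bootloader expects it, rerun lilo if lilo is the bootloader, then reboot) and rewording "in wherever your kernel normally lives", since the path given is the build output rather than the installed location.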
@@ -49,21 +47,25 @@
make-kpkg --config=menuconfig --revision=whatever kernel_image
When make-kpkg runs, if PATCH_THE_KERNEL is set YES (It has to be in uppercase!) then it will unpatch (clean) and patch the kernel with the contents of /usr/src/kernel-patches/ that are correct for your architecture. The --config=menuconfig step is designed to let you configure all the flash new options that FreeS/WAN provides. Make sure you don't forget any.
-The
userspace tools can be installed
with apt-get install freeswan.
+Reboot into your new kernel and install the
userspace tools with apt-get install freeswan.
!Gentoo
-gentoo-sources comes with FreeS/WAN support. Enable IPSec in your kernel config, recompile, and
+gentoo-sources comes with FreeS/WAN support. Enable IPSec in your kernel config, recompile, and reboot. For the userspace tools,
+
emerge -u freeswan
+
+!!RedHat
+
+See http://www.freeswan.org/freeswan_trees/freeswan-2.02/doc/install.html#install - there are some RPMs out there, but I think you will have to patch the Red Hat kernel.
----
-Congratulations! You now have an IPSec enabled kernel in the directory where your newly compiled kernel normally lives (/usr/src/linux/arch/i386/boot/bzImage for me). You are probably going to want to copy it somewhere and either restart or rerun lilo and restart, depending on your preferences.
+Congratulations! You now have an IPSec enabled kernel
You may now wish to go to [IPSecConfiguration] to find out how to actually do something useful with all this!
__IMPORTANT NOTE:__ FreeS/WAN 2.x ships with OpportunisticEncryption enabled out of the box. THIS WILL CAUSE YOU PROBLEMS IF YOU DON'T HAVE CORRECT DNS RECORDS! If you install FreeS/WAN (esp. on Debian) and want to set up tunnels, or learn about it, turn OE off quickly. If it's on, you'll have /1 routes and a default route out your ipsec0 interface, and __you will no longer have a default gateway__.
-
----
[1]: [X509] certificate support is required if you want to interoperate with Windows. You can either get [X509 patch for vanilla FreeS/WAN|http://www.strongsec.com/freeswan/] or you can get [Super FreeS/WAN|http://www.freeswan.ca/], which has lots more patches, but tends to be a version or two behind the original FreeS/WAN release. If you don't know what you need, compile X509 in if you're going to interoperate with Windows, and don't bother otherwise.
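Review bot: The Debian step now reads "Reboot into your new kernel and install the userspace tools with apt-get install freeswan", but the warning that FreeS/WAN 2.x ships with OpportunisticEncryption enabled and that "you will no longer have a default gateway" still sits at the bottom, after the congratulations line. Someone following the steps on a remote machine will hit that before reading it; move the note above the per-distribution steps or reference it from the install line. Two smaller points: "!!RedHat" is one heading level above its siblings "!Debian" and "!Gentoo", and the shortened "Congratulations! You now have an IPSec enabled kernel" lost its full stop.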