Differences between version 18 and previous revision of IPSecInstallation.
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 18 | Last edited on Wednesday, November 5, 2003 10:13:10 am | by CraigBox | Revert |
| Older page: | version 17 | Last edited on Friday, October 3, 2003 4:40:21 pm | by CraigBox | Revert |
@@ -46,8 +46,10 @@
cd /usr/src/kernel-source-whatever
make-kpkg --config=menuconfig --revision=whatever kernel_image
When make-kpkg runs, if PATCH_THE_KERNEL is set YES (It has to be in uppercase!) then it will unpatch (clean) and patch the kernel with the contents of /usr/src/kernel-patches/ that are correct for your architecture. The --config=menuconfig step is designed to let you configure all the flash new options that FreeS/WAN provides. Make sure you don't forget any.
+
+If you are running kernel 2.4.21+, THIS WILL NOT WORK! See this footnote[2] for the fix
Reboot into your new kernel and install the userspace tools with apt-get install freeswan.
!Gentoo
@@ -68,4 +70,18 @@
__IMPORTANT NOTE:__ FreeS/WAN 2.x ships with OpportunisticEncryption enabled out of the box. THIS WILL CAUSE YOU PROBLEMS IF YOU DON'T HAVE CORRECT DNS RECORDS! If you install FreeS/WAN (esp. on Debian) and want to set up tunnels, or learn about it, turn OE off quickly. If it's on, you'll have /1 routes and a default route out your ipsec0 interface, and __you will no longer have a default gateway__.
----
[1]: [X509] certificate support is required if you want to interoperate with Windows. You can either get [X509 patch for vanilla FreeS/WAN|http://www.strongsec.com/freeswan/] or you can get [Super FreeS/WAN|http://www.freeswan.ca/], which has lots more patches, but tends to be a version or two behind the original FreeS/WAN release. If you don't know what you need, compile X509 in if you're going to interoperate with Windows, and don't bother otherwise.
+
+[2]: The makefile has changed in the kernel source, so the patch needs to change as well. You might have to play with this to make it work (run a make-kpkg clean first perhaps) but I took the best part of a day getting a patch that would apply.
+
+ dev:/usr/src/kernel-patches/all/freeswan/linux/net# less Makefile.fs2_4.ipsec_alg.patch
+ --- Makefile-orig Tue Oct 21 11:35:47 2003
+ +++ Makefile Tue Oct 21 11:35:57 2003
+ @@ -8,6 +8,7 @@
+ O_TARGET := network.o
+
+ mod-subdirs := ipv4/netfilter ipv6/netfilter ipx irda bluetooth atm netlink sched core
+ +mod-subdirs += ipsec
+ export-objs := netsyms.o
+
+ subdir-y := core ethernet
