Differences between version 11 and predecessor to the previous major change of IPSecInstallation.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 11 | Last edited on Wednesday, April 23, 2003 10:44:52 am | by PerryLorier | Revert |
Older page: | version 1 | Last edited on Wednesday, April 23, 2003 9:30:39 am | by JeeKay | Revert |
@@ -1,30 +1,51 @@
Prerequisites:
-A machine with Linux and a recent (preferably 2.4.20) kernel on it.
-The source for your kernel (http://www.mirror.ac.uk/sites/ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.20.tar.bz2 is the one I am using).
-A recent FreeS/WAN archive (the FreeS/WAN homepage recommends typing: ncftpget ftp://ftp.xs4all.nl/pub/crypto/freeswan/freeswan-\*).
-Some patience!
-
+*
A machine with Linux and a recent (preferably 2.4.20) kernel on it.
+*
The source for your kernel (http://www.mirror.ac.uk/sites/ftp.kernel.org/pub/linux/kernel/v2.4/linux-2.4.20.tar.bz2 is the one I am using).
+*
A recent FreeS/WAN archive (the FreeS/WAN homepage recommends typing: ncftpget ftp://ftp.xs4all.nl/pub/crypto/freeswan/freeswan-\*).
+*
Some patience!
+----
Note: This setup will NOT be able to handle interacting with IPSec implementations that require X.509 certificates for authentication. For that, you will need to patch your FreeS/WAN sources and figure it out for yourself... or wait until I Wiki it when I need to do it myself :)
Also note: I assume you know how to configure/compile/install kernels.
-
+----
Step 1: Preparing kernel sources (not necessary if you already have them to hand)
-cd /usr/src/
-tar xjf ~/download/linux-2.4.20.tar.bz2
-<configure your kernel here. this is important.>
-<compile your kernel here. this is important.>
+
cd /usr/src/
+ tar xjf ~/download/linux-2.4.20.tar.bz2
+ <configure your kernel here. this is important.>
+ <compile your kernel here. this is important.>
Step 2: Preparing FreeS/WAN sources
-cd /usr/src/
-tar xzf ~/download/freeswan-1.99.tar.gz
+
cd /usr/src/
+ tar xzf ~/download/freeswan-1.99.tar.gz
Step 3: Start making FreeS/WAN
-cd /usr/src/freeswan-1.99/
-make oldgo
+
cd /usr/src/freeswan-1.99/
+ make oldgo[1]
Step 4: Rebuild the kernel
-cd /usr/src/linux
/
-<At this point you may wish to
make menuconfig and change the IPSec to be statically compiled instead of as a module..>
-<compile your kernel here. again>
+
cd /usr/src/freeswan-1.99
/
+ make kinstall[2]
+Step 5: Finishing touches
+ <install your kernel>
+ <reboot>
+----
Congratulations! You now have an IPSec enabled kernel in the directory where your newly compiled kernel normally lives (/usr/src/linux/arch/i386/boot/bzImage for me). You are probably going to want to copy it somewhere and either restart or rerun lilo and restart, depending on your preferences.
+
+You may now wish to go to [IPSecConfiguration] to find out how to actually do something useful with all this!
+
+----
+!Or, if you're running Debian:
+
+apt-get install kernel-source (or acquire the newest kernel source as you see fit)
+apt-get install kernel-patch-freeswan
+
+export PATCH_THE_KERNEL=YES
+cd /usr/src/kernel-source-whatever
+make-kpkg --config=menuconfig --revision=whatever kernel_image
+
+When make-kpkg runs, if PATCH_THE_KERNEL is set YES then it will unpatch (clean) and patch the kernel with the contents of /usr/src/kernel-patches/ that are correct for your architecture. The --config=menuconfig step is designed to let you configure all the flash new options that FreeS/WAN provides.
+
+----
+[1]: oldgo is the target for compiling statically against the kernel source. The alternative (for a module) is oldmod.
+[2]: kinstall is the target for installing statically against the kernel source. The alternative (for a module) is minstall. Note that this step seems to attempt to auto-install the new kernel if you are running lilo.. I don't so it didn't do anything but beware.