Hi, anybody out there who knows how to use SuSE freeswan package with a self made kernel? I configured and tested FreeS/WAN in our development area and now I want to use it in production. But it fails due to missing modules in our customized kernels. It seems that ipsec modules are not installes in the correct module path. It uses the path for the standard kernel, e.g. /lib/modules/2.4.16-4GB. And using make menuconfig I don't see anything ipsec related. Thx, Oliver
Am 15.03.2002 08:28:39, schrieb Schoenwaelder Oliver
anybody out there who knows how to use SuSE freeswan package with a self made kernel? Iconfigured and tested FreeS/WAN in our development area and now I want to use it in production. But it fails due to missing modules in our customized kernels. It seems that ipsec modules are not installes in the correct module path. It uses the path for the standard kernel, e.g. /lib/modules/2.4.16-4GB. And using make menuconfig I don't see anything ipsec related.
You have to patch the kernel with the IPSec sources at first. cd /usr/src tar -xzf freeswan*.gz cd freeswan make menugo now you'll see ipsec related stuff :O) Michael Appeldorn
* Schoenwaelder Oliver wrote on Fri, Mar 15, 2002 at 08:28 +0100:
anybody out there who knows how to use SuSE freeswan package with a self made kernel?
I think this is dangerous if the versions won't match exactly, you may get trouble. So I wouldn't recommend this combination for production. Either use SuSE kernel with the right freeswan.rpm, or build it yourself, too.
I configured and tested FreeS/WAN in our development area and now I want to use it in production. But it fails due to missing modules in our customized kernels.
So you should think about your test strategy :) SCNR.
It seems that ipsec modules are not installes in the correct module path. It uses the path for the standard kernel, e.g. /lib/modules/2.4.16-4GB. And using make menuconfig I don't see anything ipsec related.
Seems like the freeswan patch is missing or was not successful. Don't continue here. Use a fresh kernel and patch it, or use the SuSE kernel sources, or use the SuSE kernel binary RPM. For most purposes this I would recommend the latest possibility. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
* Schoenwaelder Oliver wrote on Fri, Mar 15, 2002 at 08:28 +0100:
anybody out there who knows how to use SuSE freeswan package with a self made kernel?
I think this is dangerous if the versions won't match exactly, you may get trouble. So I wouldn't recommend this combination for production. Either use SuSE kernel with the right freeswan.rpm, or build it yourself, too.
I configured and tested FreeS/WAN in our development area and now I want to use it in production. But it fails due to missing modules in our customized kernels.
So you should think about your test strategy :) SCNR.
It seems that ipsec modules are not installes in the correct module path. It uses the path for the standard kernel, e.g. /lib/modules/2.4.16-4GB. And using make menuconfig I don't see anything ipsec related.
Seems like the freeswan patch is missing or was not successful. Don't continue here. Use a fresh kernel and patch it, or use the SuSE kernel sources, or use the SuSE kernel binary RPM. For most purposes this I would recommend the latest possibility.
oki,
Steffen
-- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here if you upgrade (Kernel 2.4.18-4GB from Mantel's dir) is
On Fri, Mar 15, 2002 at 09:19:11AM +0100, Steffen Dettmer beat on the keyboard: there an upgrade path...or must you patch the kernel? Is the solution: kernel src+freeswan patch+freeswan package? Just learning about VPN/Freeswan. Have a working PPTP setup now, but would like to use freeswan. ipsec0 Link encap:IPIP Tunnel HWaddr inet addr:66.27.156.198 Mask:255.255.240.0 UP RUNNING NOARP MTU:16260 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) I don't think it is working though. cat /proc/net/ipsec_eroute is 0. -- _ _ __ _____ _____ ___| |_ | '__| / __\ \ /\ / / _ \/ _ \ __| -o) | | _ \__ \\ V V / __/ __/ |_ /\\ |_|(_) |___/ \_/\_/ \___|\___|\__|_\_v rsweet@garagenetworks.net "unix soit qui mal y pense."
* Robert Sweet wrote on Fri, Mar 15, 2002 at 23:45 +0800:
I don't think it is working though. cat /proc/net/ipsec_eroute is 0.
So you don't have any SA's. What tells ipsec look? What happens if you try to establish (--auto up IIRC) a SA? check /var/log/messages. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (4)
-
Michael Appeldorn -
Robert Sweet -
Schoenwaelder Oliver -
Steffen Dettmer