Antw: [suse-security] How to apply IPSec NAT-Traversal Patch to SuSE8.2-Kernel ?
Hi Elmar, I also needed NAT-Traversal with FreeSWAN. First i wanted to apply the NAT-Traversal-Patch, like you, but then i saw, that the X.509-Patch has also an NAT-Traversal- functionality. This X.509-Patch is applied to the FreeSWAN- paket shipped with SuSE 8.2. See http://www.freeswan.ca/patches/www.strongsec.com/freeswan/install.htm#sectio... Best regards Andy
Elmar Marschke
27.09.2003 18:15:04 >>> Hi all, i installed a VPN with a SuSE8.2 2.4.20-4GB kernel and a freeswan_1.99_0.9.23-20 as provided by the 8.2 distribution. Everything including x509-Support is tested and working fine.
Now i want to add NAT-Traversal functionality. As written in /u/s/d/p/freeswan/README.SuSE the NAT-Traversal Patches (written by Mathieu Lafon) for the *freeswan-package* are already inserted in the package provided by SuSE. But to get it running one has also to patch the *kernel* with the fswan-nat-t-kernel.diff, they write, and which is provided in the same directory. I applied the patch to my kernel-sources (Return Code=0) and recompiled the kernel: - make oldconfig (perhaps wrong?? don't know what this exactly is doing..) -i took a look in make xconfig and noticed that there were no possibilities to do configuration for IPSec, but at that moment i did'nt care - changed the Makefile's Extraversion Number.. - make dep - make clean - make bzImage - make modules - make modules_install I prepared my bootloader and did mkinitrd for that kernel. Booting with that kernel was ok, but ipsec did'nt start anymore: "ipsec_setup:modprobe: can't locate module ipsec. Kernel appears to lack KLIPS." I booted my old kernel again and according to some mails of this list i took a look into .../kernel_modules/zz_freeswan/Makefile and tried: in that directory: - make insert Result: make xconfig in /usr/src/linux did'nt work anymore. - make kmodule Result: make xconfig didn't work yet. - make klink Result: make xconfig worked again! And it had configuration-options for IPSec!! I configured this -i took all the defaults i found there, the only thing i changed was the IPSec-Stuff- and compiled another kernel exactly as described above (except that i used xconfig instead oldconfig). Every step gave a Return Code of 0. Result when booting this new kernel: "Kernel panic: unresolved symbol reiserfs.o" (which is my boot partition). Question: can anyone give me a hint about the correct way to apply this patch and get a working kernel? *Which* make -steps / targets do i have to take in .../zz_freeswan/ (e.g. what about oldmod?) and perhaps in /usr/src/linux, and **in which order**? Any help would be greatly appreciated.. thnxalot! Kind regards Elmar
participants (1)
-
Andreas Thierer