RE: [suse-security] Problem with freeswan after 2.4.19 kernel update
Dieter, Thanks :) have since had a look at the SuSE support pages (http://www.suse.de/en/private/download/updates/81_i386.html) and ... 'The kernel update for SuSE Linux 8.1 from June 2003 (2.4.19-308) broke FreeS/WAN. The reason is that the CGL features (USAGI patches) that provide superior IPv6 support introduce incompatibilities in the pfkey interface that IPsec uses. This package has been adatped to work with the new kernel (but unfortunately not with the old one.) Furthermore, IP compression support has been dropped' ... so I guess, either revert to the old kernel or better still, update the freeswan packages - will post back if the latter approach works. Best Regards, Michael -----Original Message----- From: Dieter Kirchner [mailto:dkirchner@bupnet.de] Sent: Monday, July 28, 2003 12:55 PM To: suse-security@suse.com Cc: Karl Flannery Subject: Re: [suse-security] Problem with freeswan after 2.4.19 kernel update Hi,
Since updating our SuSE 8.1 VPN gateway with the latest 2.4.19 kernel update (k_deflt-2.4.19-329), users are reporting problems creating IPsec connections.
Any ideas how to fix this?
Did you reboot ? If not, try this first. If "depmod -a" after reboot shows errors, wait for the fix by SuSE (they messed up this update AFAIK) or compile a new kernel by yourself. Download for the necessary kernel-patches the super-freeswan (1.98 or so) package, download kernelsource, decompress both, configure your kernel, change into the super-freeswan source dir, issue a "make insert" to generate links and patches, configure the kernel again (this time ipsec will show up), compile and install the kernel and modules, reboot. This procedure worked for me. If you do not configure the kernel before "make insert" the script will complain (it work anyway, I did not test this). This will fix the broken mppe of SuSE also, for usage with pptpd, if you like to use this kind of VPN also make sure you have "bsd-compress" option for ppp enabled too. Regards, Dieter --------------------------------------------------------------- Dieter Kirchner Systemadministration BUPNET +49 551 54707 62 D-Goettingen http://www.bupnet.de --------------------------------------------------------------- -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hi,
Thanks :) have since had a look at the SuSE support pages (http://www.suse.de/en/private/download/updates/81_i386.html) and ...
I fixed this just after the kernel update myself, so I ignored this one :-(
... so I guess, either revert to the old kernel or better still, update the freeswan packages - will post back if the latter approach works.
It works, for clients using ipsec only, so an automatic update via yast will fix ipsec. My problem was that the included mppe-patch did not work in a setup with pptpd and freeswan. I'm using VPN on a dsl router for both linux and windows clients, so I decided pptp has to be offered too. The mppe kernel patch was applied in the stock kernel, but did not work well. I don't know if this one is fixed yet. When using XP clients your received error messages about the packet size when using the connection for large transfers, terminating the pptp session. There must have been some other patch disabling the fix, so I decided to compile a new kernel myself... regards, Dieter --------------------------------------------------------------- Dieter Kirchner Systemadministration BUPNET +49 551 54707 62 D-Goettingen http://www.bupnet.de ---------------------------------------------------------------
participants (2)
-
Dieter Kirchner -
Michael Ryan