Dieter, Thanks :) have since had a look at the SuSE support pages (http://www.suse.de/en/private/download/updates/81_i386.html) and ... 'The kernel update for SuSE Linux 8.1 from June 2003 (2.4.19-308) broke FreeS/WAN. The reason is that the CGL features (USAGI patches) that provide superior IPv6 support introduce incompatibilities in the pfkey interface that IPsec uses. This package has been adatped to work with the new kernel (but unfortunately not with the old one.) Furthermore, IP compression support has been dropped' ... so I guess, either revert to the old kernel or better still, update the freeswan packages - will post back if the latter approach works. Best Regards, Michael -----Original Message----- From: Dieter Kirchner [mailto:dkirchner@bupnet.de] Sent: Monday, July 28, 2003 12:55 PM To: suse-security@suse.com Cc: Karl Flannery Subject: Re: [suse-security] Problem with freeswan after 2.4.19 kernel update Hi,
Since updating our SuSE 8.1 VPN gateway with the latest 2.4.19 kernel update (k_deflt-2.4.19-329), users are reporting problems creating IPsec connections.
Any ideas how to fix this?
Did you reboot ? If not, try this first. If "depmod -a" after reboot shows errors, wait for the fix by SuSE (they messed up this update AFAIK) or compile a new kernel by yourself. Download for the necessary kernel-patches the super-freeswan (1.98 or so) package, download kernelsource, decompress both, configure your kernel, change into the super-freeswan source dir, issue a "make insert" to generate links and patches, configure the kernel again (this time ipsec will show up), compile and install the kernel and modules, reboot. This procedure worked for me. If you do not configure the kernel before "make insert" the script will complain (it work anyway, I did not test this). This will fix the broken mppe of SuSE also, for usage with pptpd, if you like to use this kind of VPN also make sure you have "bsd-compress" option for ppp enabled too. Regards, Dieter --------------------------------------------------------------- Dieter Kirchner Systemadministration BUPNET +49 551 54707 62 D-Goettingen http://www.bupnet.de --------------------------------------------------------------- -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here