Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Antw: [suse-security] How to apply IPSec NAT-Traversal Patch to SuSE8.2-Kernel ?
  • From: "Andreas Thierer" <AThierer@xxxxxx>
  • Date: Tue, 30 Sep 2003 13:43:27 +0200
  • Message-id: <sf79888b.055@xxxxxx>
Hi Elmar,

I also needed NAT-Traversal with FreeSWAN.
First i wanted to apply the NAT-Traversal-Patch, like you,
but then i saw, that the X.509-Patch has also an NAT-Traversal-
functionality. This X.509-Patch is applied to the FreeSWAN-
paket shipped with SuSE 8.2.

See
http://www.freeswan.ca/patches/www.strongsec.com/freeswan/install.htm#section_4.4

Best regards
Andy



>>> Elmar Marschke <elmar.marschke@xxxxxxxx> 27.09.2003 18:15:04 >>>
Hi all,
i installed a VPN with a SuSE8.2 2.4.20-4GB kernel and a
freeswan_1.99_0.9.23-20 as provided by the 8.2 distribution.
Everything including x509-Support is tested and working fine.

Now i want to add NAT-Traversal functionality. As written in
/u/s/d/p/freeswan/README.SuSE the NAT-Traversal Patches (written by
Mathieu Lafon) for the *freeswan-package* are already inserted in
the package provided by SuSE.
But to get it running one has also to patch the *kernel* with the
fswan-nat-t-kernel.diff, they write, and which is provided in the
same directory.

I applied the patch to my kernel-sources (Return Code=0) and
recompiled the kernel:

- make oldconfig (perhaps wrong?? don't know what this exactly is
doing..)
-i took a look in make xconfig and noticed that there were no
possibilities to do configuration for IPSec, but at that moment i
did'nt care
- changed the Makefile's Extraversion Number..
- make dep
- make clean
- make bzImage
- make modules
- make modules_install

I prepared my bootloader and did mkinitrd for that kernel. Booting
with that kernel was ok, but ipsec did'nt start anymore:
"ipsec_setup:modprobe: can't locate module ipsec. Kernel appears to
lack KLIPS."
I booted my old kernel again and according to some mails of this
list i took a look into .../kernel_modules/zz_freeswan/Makefile and
tried:
in that directory:
- make insert
Result: make xconfig in /usr/src/linux did'nt work anymore.
- make kmodule
Result: make xconfig didn't work yet.
- make klink
Result: make xconfig worked again! And it had configuration-options
for IPSec!! I configured this -i took all the defaults i found
there, the only thing i changed was the IPSec-Stuff- and compiled
another kernel exactly as described above (except that i used
xconfig instead oldconfig). Every step gave a Return Code of 0.
Result when booting this new kernel:
"Kernel panic: unresolved symbol reiserfs.o" (which is my boot
partition).

Question:
can anyone give me a hint about the correct way to apply this patch
and get a working kernel?
*Which* make -steps / targets do i have to take in .../zz_freeswan/
(e.g. what about oldmod?) and perhaps in /usr/src/linux, and **in
which order**?
Any help would be greatly appreciated.. thnxalot!
Kind regards
Elmar


< Previous Next >
This Thread
  • No further messages