Thanks Rob, Funnily enough I'd independantly hit on this as the way of fixing it after I posted my message! I was still hopeful that I could avoid compiling the kernel: in the old days (when I started with Linux on a Slackware distro. in 1995) I used to do it all the time but these days with SuSE's kernel being so good I've gotten lazy! Anywayz it gave me a chance to trim my kernel modules down to the ones that I'll *ever* use (sadly I'm unlikely to ever have an FDDI or ATM card in my machine :) ) and cut compile time down by about 90%! Finally also I got to set the debug and NAT traversal options on - yipee!! I still think SuSE were silly for switching off even the possibility of debug. It's all controlled by ipsec klipsdebug when compiled in anyway! I did it slightly differently - documentation was "pants" and didn't tell men what target to make + make without a target just gave an obscure error - so I scanned the Makefile and make a couple of the targets I saw "kmodule" and "klink". After that I was able to make xconfig in the /usr/src/linux tree and set all the IPSEC config variables and make my shiny new ipsec.o with debugging kernel module! For some reason I lost my nvidia module so I had to reconfigure X so I think it's now not using 3D ?? Couldn't find any setting in xconfig or menuconfig for this and couldn't see a km_* package for it either! Now all I have to do is figure out why the ?%&! my VPN isn't working... ;) Regards, Carl
From: r.maurizzi@digitalpha.it To: suse-security@lists.suse.com Subject: Re: [suse-security] KLIPS Debugging no longer supported in Suse 8.2 ???? Date: Tue, 9 Sep 2003 11:52:28 +0200
It seems that KLIPS debugging is no longer possible since SuSE 8.2.
NAT-Traversal patch isn't enabled, too.
What's the point behind this change??
Probably, the fact that in 2.4.22 crypto routine were added in the kernel, and IPSEC changed a lot.
I've tried installing the km_freeswan package and compiling stuff there but just get compile errors.
You should:
- install the kernel sources for your running kernel
- copy the config for your running kernet to the source dir (usually, go in /usr/src/linux, and do zcat /proc/config.gz > .config)
- "make menuconfig" and check the options. Save the config and do "make dep"
- go in /usr/src/kernel_modules/zz_freeswan
- type "make insert", this inserts the IPSEC patches in the kernel tree
- go back in /usr/src/linux, do "make menuconfig" and go in the Network Option to check the IPSEC settings
- recompile the kernel :-)
Beware: doing so will trash all other SuSE kernel modules that are added independently from the main kernel sources... check that you do not use any module that have its sources in a km_*.rpm packages, and eventually compile it.
Ciao, Rob!
P.S. If someone has a better way to do some of the things II explained here, comments and corrections are VERY welcome :-)
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
_________________________________________________________________ Get Hotmail on your mobile phone http://www.msn.co.uk/msnmobile