Here are my notes for building a FreeS/WAN 2.4.18-3 kernel starting with the stock kernel and sources from Red Hat 7.3.

A few clarifications - The PPTP patch below is referenced in the VPN Masquerade howto - this patch supports connection tracking with GRE and I enthusiastically thank the folks who put all this together.

So I install Linux and the sources, then apply the PPTP patch and build a new kernel. After building this kernel, I put in the IPSEC stuff and do make xgo and build an IPSEC-enabled kernel. When I'm done, I have a system with 3 kernels - the original Red Hat kernel, the PPTP kernel, and the IPSEC kernel that supports both IPSEC tunneling and has the ability to pass PPTP stuff along to an authentication server inside the network.

If you're building 1.98, you shouldn't need the fixed-up errcheck program. I haven't yet tried building 1.98 myself.

A couple other caveats - These notes are cryptic and made only for my use. It never occurred to me they would do anyone else any good and I have references to directories local to my own setup.

I figured out my X Windows problem - if you do "shutdown -r now" from inside a terminal emulator window, that messes up X windows next time. So it's best to logout first and then reboot.

I've done this with a couple different clones and Compaq deskpro PCs. I have never tried any of this with a system with SCSI disks.

Geez, the caveats and clarifications are as long as the notes!

Here are the notes - I hope they do some good!

**********************************************************************

See these URLs:
http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/custom-guide/ch-custom-kernel.html
http://tldp.org/HOWTO/Kernel-HOWTO-6.html#ss6.3

Put the PPTP patch file in /home/gregs/pptp and do this command:

    gunzip netfilter-pptp-2.4.17-rev2.patch.gz

This creates the file, netfilter-pptp-2.4.17-rev2.patch.
Next, copy this file to /usr/src:

    cp netfilter-pptp-2.4.17-rev2.patch /usr/src
    cd /usr/src

Be sure to make a symbolic link, linux, that points to the real source tree, like this:

    ln --symbolic linux-2.4.18-3 linux

    patch -p0 < netfilter-pptp-2.4.17-rev2.patch
    cd linux
    make mrproper
    cp configs/kernel-2.4.18-i386.config .config
    cp Makefile Makefile.original
    pico Makefile

Look for a line that looks like this:

    EXTRAVERSION = -3custom

Edit this line to say something like:

    EXTRAVERSION = -3PPTP

    make xconfig
        Networking options
            IP: Netfilter Configuration
                m - PPTP protocol support
                m - AH/ESP match support

This creates a new .config file with the PPTP stuff

    make dep
    make clean
    make bzImage
    make modules
    make modules_install
    /sbin/mkinitrd /boot/initrd-PPTP.img 2.4.18-3PPTP

This makes the RAMdisk for loading the EXT3 file system and SCSI devices.
usage: mkinitrd {ImageName} {Subfolder to use from /lib/modules directory}

    make install

This copies all the files to their various locations.
(Do this instead of cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinux-PPTP)

++++++++++++++++++++++++++++++++++++++++++++++++++++

Now for IPSEC
(See http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/install.html)

Free S/WAN depends on the gmp developer package. This isn't documented in the Free S/WAN installation procedures. Be sure to install this package before building Free S/WAN. For Red Hat Linux 7.3, it is on the 2nd CD.

    rpm --install /mnt/cdrom/RedHat/gmp-devel-4.0.1-3.i386.rpm

ftp the latest Free S/WAN from ftp://ftp.xs4all.nl/pub/crypto/freeswan/

Put the .tar.gz file (freeswan-1.97.tar.gz) into /usr/src on the target system.

    cd /usr/src
    tar -xzf freeswan*.gz

This will give you a directory /usr/src/freeswan<version>.

Assuming that we already have a customized kernel configured with the PPTP patches above:

Don't forget to edit Makefile again:

    cd /usr/src/linux
    pico Makefile

change:

    EXTRAVERSION = -3PPTP

to:

    EXTRAVERSION = -3IPSEC197

Now let's build a kernel.
(First, don't forget to put in the fixed up utils/errcheck program. See the email from Sam S.)

    cd /usr/src/freeswan-1.97
    make xgo

(See the Free S/WAN documentation)
This configures a kernel (same as make xconfig, make dep, make clean, make bzImage).

After exiting, this should generate lots and lots of output as it does all those stock kernel make commands and builds a new kernel.

Note this error during the build:

    53c700.h:40:2: #error "Config.in must define either CONFIG_53C700_IO_MAPPED or CONFIG_53C700_MEM_MAPPED to use this scsi core."
    53c700.c:155:22: 53c700_d.h: No such file or directory

This and other bugs are fixed in release 1.98. In the meantime, see the email message from Sam S for a workaround.

Next do:

    make kinstall

(The same as make modules, make modules_install, make install.)
This should install the new kernel and put all the pieces where they belong.

Don't forget to build another copy of initrd (see above PPTP stuff) to support the ext3 file system at boot time.

Take a look at /etc/grub.conf to make sure the right edits are in place.

May need to run Xconfigurator to make X windows work again.

May need to set /proc/sys/net/ipv4/conf/eth0/rp_filter = '0' for KLIPS to work. Can also do this with /etc/sysctl.conf

***************************************************************************************

-----Original Message-----
From: Brian [mailto:blanda@mnsi.net]
Sent: Saturday, July 06, 2002 2:35 PM
To: Greg Scott
Subject: RE: [Users] FreeS/Wan on Redhat 7.3

I had no problems installing FreeS/Wan with SuSE 8.0 Pro, it has FreeS/Wan 1.96 using kernel 2.4.18??? hummmmmmm.

Can you please clean up your notes and send them to me. Thank you for doing that.

It works great under SuSE 8.0, I even posted a step by step on installing and compiling IPSec under SuSE 8.0. I got FreeS/Wan working with SSH Sent and it works GREAT.
-----Original Message-----
From: Greg Scott [mailto:GregScott@InfraSupportEtc.com]
Sent: Saturday, July 06, 2002 3:37 PM
To: Brian; redhat-list@redhat.com
Cc: users@lists.freeswan.org
Subject: RE: [Users] FreeS/Wan on Redhat 7.3

Brian, did you have the same problem with FreeS/WAN 1.97? I was able to get 1.97 to work after some struggles but have not yet tried 1.98. I am using the kernel configuration answers from configs/kernel-2.4.18-i386.config. Here is an extract from my notes on how to set it all up.

    cd /usr/src

Be sure to make a symbolic link, linux, that points to the real source tree, like this:

    ln --symbolic linux-2.4.18-3 linux

    cd linux
    make mrproper

I use the Red Hat configuration answers to initially start out, like this:

    cp configs/kernel-2.4.18-i386.config .config

Next, I build a kernel without FreeS/WAN, then do make xgo and build a kernel with FreeS/WAN support. There was a 1.97 bug and I had to pull out an error checking tool from the 1.98 candidate release.

I can clean up my detailed notes and post here if you want - but I have not yet tried a 1.98 build.

- Greg

-----Original Message-----
From: Brian [mailto:blanda@mnsi.net]
Sent: Saturday, July 06, 2002 1:14 PM
To: redhat-list@redhat.com
Cc: users@lists.freeswan.org
Subject: [Users] FreeS/Wan on Redhat 7.3

I have been trying to install FreeS/Wan 1.98b for about one week now and have gotten NOWHERE. My advice to anyone that wants to run FreeS/Wan: buy SuSE 8.0 Pro with FreeS/Wan already included, it will save you from pulling all your hair out, unless you have no hair to begin with.

It seems like redhat does not like FreeS/Wan for some reason, every time I get FreeS/Wan to work I need to add another function to the kernel, then after I think I have it, when I re-start and get to the part starting IPSec, IT BOMBS out!!!!, telling me KLIPS is now not part of the kernel...LOL

I have tried to re-compile the kernel and deselect the options that I think caused the problem but with no luck...
when I select the netfilter option, which I need to set up routing, it bombs out when I restart redhat...
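
Added example, not part of the original messages: a shell preflight check for the failure described in this thread, where the machine reboots into a kernel that lacks KLIPS. It derives the release string from the kernel Makefile (including EXTRAVERSION), checks that the module directory, kernel image and grub.conf entry all match it, and reports the rp_filter setting from sysctl.conf. The /boot/vmlinuz-<release> naming, the root= value and the sample tree are assumptions constructed for the demo.

```shell
# Added example; assumes Red Hat style /boot/vmlinuz-<release> and /etc/grub.conf.
# Release string the kernel Makefile will build, e.g. 2.4.18-3IPSEC197.
kernel_release() {
    awk -F'[ \t]*=[ \t]*' '
        { sub(/[ \t\r]+$/, "") }          # drop trailing blanks, re-split fields
        $1 == "VERSION"      { v = $2 }
        $1 == "PATCHLEVEL"   { p = $2 }
        $1 == "SUBLEVEL"     { s = $2 }
        $1 == "EXTRAVERSION" { e = $2 }
        END { if (v == "" || p == "" || s == "") exit 1
              printf "%s.%s.%s%s\n", v, p, s, e }' "$1"
}

# One line per missing piece for release $2 under root dir $1; status 1 if any.
check_boot_artifacts() {
    root=$1; rel=$2; bad=0
    [ -d "$root/lib/modules/$rel" ] ||
        { echo "missing /lib/modules/$rel (make modules_install)"; bad=1; }
    [ -f "$root/boot/vmlinuz-$rel" ] ||
        { echo "missing /boot/vmlinuz-$rel (make install)"; bad=1; }
    grep -qF "vmlinuz-$rel" "$root/etc/grub.conf" 2>/dev/null ||
        { echo "no grub.conf entry for vmlinuz-$rel"; bad=1; }
    return $bad
}

# rp_filter value set for interface $2 in sysctl.conf file $1, or "unset".
sysctl_rp_filter() {
    awk -F'[ \t]*=[ \t]*' -v k="net.ipv4.conf.$2.rp_filter" '
        $1 == k { val = $2 }
        END { print (val == "" ? "unset" : val) }' "$1"
}

# Constructed sample tree: IPSEC kernel installed, grub.conf still lists PPTP only.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/src/linux" "$t/boot" "$t/etc" "$t/lib/modules/2.4.18-3IPSEC197"
    printf 'VERSION = 2\nPATCHLEVEL = 4\nSUBLEVEL = 18\nEXTRAVERSION = -3IPSEC197\n' \
        > "$t/usr/src/linux/Makefile"
    : > "$t/boot/vmlinuz-2.4.18-3IPSEC197"
    printf 'title PPTP\n\tkernel /vmlinuz-2.4.18-3PPTP ro root=/dev/hda2\n' > "$t/etc/grub.conf"
    printf 'net.ipv4.conf.eth0.rp_filter = 0\n' > "$t/etc/sysctl.conf"
    echo "$t"
}

tree=$(make_sample_tree)
rel=$(kernel_release "$tree/usr/src/linux/Makefile")
echo "release: $rel; eth0 rp_filter: $(sysctl_rp_filter "$tree/etc/sysctl.conf" eth0)"
check_boot_artifacts "$tree" "$rel" || echo "fix the items above before rebooting"
rm -rf "$tree"
```

On a live system, pass / as the root directory and /usr/src/linux/Makefile as the Makefile.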