Here are my notes for building a FreeS/WAN 2.4.18-3 kernel starting with
the stock kernel and sources from Red Hat 7.3.
A few clarifications -
The PPTP patch below is referenced in the VPN Masquerade howto - this patch
supports connection tracking with GRE and I enthusiastically thank the
folks who put all this together. So I install Linux and the sources,
then apply the PPTP patch and build a new kernel. After building this kernel,
I put in the IPSEC stuff and do make xgo and build an IPSEC-enabled kernel.
When I''m done, I have a system with 3 kernels - the original Red Hat
kernel,
the PPTP kernel, and the IPSEC kernel that supports both IPSEC tunneling and
has the ability to pass PPTP stuff along to an authentication server inside
the network.
If you''re building 1.98, you shouldn''t need the fixed-up
errcheck program.
I haven''t yet tried building 1.98 myself.
A couple other caveats - These notes are cryptic and made only for my use. It
never occurred to me they would do anyone else any good and I have references
to directories local to my own setup.
I figured out my X Windows problem - if you do "shutdown -r now" from
inside
a terminal emulator window, that messes up X windows next time. So
it''s best
to logout first and then reboot
I''ve done this with a couple different clones and Compaq deskpro PCs.
I have
never tried any of this with a system with SCSI disks.
Geez, the caveats and clarifications are as long as the notes!
Here are the notes - I hope they do some good!
**********************************************************************
See these URLs:
http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/custom-guide/ch-custom-kernel.html
http://tldp.org/HOWTO/Kernel-HOWTO-6.html#ss6.3
Put the PPTP patch file in /home/gregs/pptp and do this command:
gunzip netfilter-pptp-2.4.17-rev2.patch.gz
This creates the file, netfilter-pptp-2.4.17-rev2.patch.
Next, copy this file to /usr/src:
cp netfilter-pptp-2.4.17-rev2.patch /usr/src
cd /usr/src
Be sure to make a symbolic link, linux, that points to the real source tree,
like this:
ln --symbolic linux-2.4.18-3 linux
patch -p0 < netfilter-pptp-2.4.17-rev2.patch
cd linux
make mrproper
cp configs/kernel-2.4.18-i386.config .config
cp Makefile Makefile.original
pico Makefile
Look for a line that looks like this:
EXTRAVERSION = -3custom
Edit this line to say something like:
EXTRAVERSION = -3PPTP
make xconfig
Networking options
IP: Netfilter Configuration
m - PPTP protocol support
m - AH/ESP match support
This creates a new .config file with the PPTP stuff
make dep
make clean
make bzImage
make modules
make modules_install
/sbin/mkinitrd /boot/initrd-PPTP.img 2.4.18-3PPTP
This makes the RAMdisk for loading the EXT3 file system and SCSI devices.
usage: mkinitrd {ImageName} {Subfolder to use from /lib/modules directory}
make install
This copies all the files to their various locations.
(Do this instead of cp /usr/src/linux/arch/i386/boot/bzImage
/boot/vmlinux-PPTP)
++++++++++++++++++++++++++++++++++++++++++++++++++++
Now for IPSEC
(See http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/install.html)
Free S/WAN depends on the gmp developer package. This isn''t documented
in the Free S/WAN
installation procedures. Be sure to install this package before building Free
S/WAN. For
Red Hat Linux 7.3, it is on the 2nd CD.
rpm --install /mnt/cdrom/RedHat/gmp-devel-4.0.1-3.i386.rpm
ftp the latest Free S/WAN from ftp://ftp.xs4all.nl/pub/crypto/freeswan/
Put the .tar.gz file (freeswan-1.97.tar.gz) into /usr/src on the target system.
cd /usr/src
tar -xzf freeswan*.gz
This will give you a directory /usr/src/freeswan<version>.
Assuming that we already have a customized kernel configured with the PPTP
patches above:
Don''t forget to edit Makefile again:
cd /usr/src/linux
Pico Makefile
change:
EXTRAVERSION = -3PPTP
to:
EXTRAVERSION = -3IPSEC197
Now let''s build a kernel.
(First, don''t forget to put in the fixed up utils/errcheck program.
See the email from Sam S.)
cd freeswan-1.97
make xgo (See the Free S/WAN documentation)
This configures a kernel, (same as make xconfig, make dep, make clean, make
bzImage)
After exiting, this should generate lots and lots of output as it does all those
stock kernel
make commands and builds a new kernel.
Note this error during the build:
53c700.h:40:2: #error "Config.in must define either CONFIG_53C700_IO_MAPPED
or CONFIG_53C700_MEM_MAPPED to use this scsi core."
53c700.c:155:22: 53c700_d.h: No such file or directory
This and other bugs are fixed in release 1.98. In the mean time, see the email
message from Sam S for a workaround.
Next do:
make kinstall (The same as make modules, make modules_install, make install.)
This should install the new kernel and put all the pieces where they belong.
Don''t forget to build
another copy of initrd (see above PPTP stuff) to support the ext3 file system at
boot time.
Take a look at /etc/grub.conf to make sure the right edits are in place.
May need to run Xconfigurator to make X windows work again.
May need to set /proc/sys/net/ipv4/conf/eth0/rp_filter = ''0''
for KLIPS to work. Can also do this
with /etc/sysctl.conf
***************************************************************************************
-----Original Message-----
From: Brian [mailto:blanda@mnsi.net]
Sent: Saturday, July 06, 2002 2:35 PM
To: Greg Scott
Subject: RE: [Users] FreeS/Wan on Redhat 7.3
I had no problems installing FreeS/Wan with SuSE 8.0 Pro, it has FreeS/Wan
1.96 using kernel 2.4.18??? hummmmmmm. Can you please clean-up your notes
and send it to me.. Thank you for doing that. It''s work great under
SuSE 8.0
, I even posted a step by step installing and compiling IPSec under SuSE
8.0. I got FreeS/Wan working with SSH Sent and it work GREAT.
-----Original Message-----
From: Greg Scott [mailto:GregScott@InfraSupportEtc.com]
Sent: Saturday, July 06, 2002 3:37 PM
To: Brian; redhat-list@redhat.com
Cc: users@lists.freeswan.org
Subject: RE: [Users] FreeS/Wan on Redhat 7.3
Brian, did you have the same problem with FreeS/WAN 1.97? I was able
to get 1.97 to work after some struggles but have not yet tried 1.98.
I am using the kernel configuration answers from
configs/kernel-2.4.18-i386.config.
Here is an extract from my notes on how to set it all up.
cd /usr/src
Be sure to make a symbolic link, linux, that points to the real source
tree, like this:
ln --symbolic linux-2.4.18-3 linux
cd linux
make mrproper
I use the Red Hat configuration answers to initially start out,
like this:
cp configs/kernel-2.4.18-i386.config .config
Next, I build a kernel without FreeS/WAN, then do make xgo and
and build a kernel with FreeS/WAN support. There was a 1.97 bug
and I had to pull out an error checking tool from the 1.98
candidate release.
I can clean up my detailed notes and post here if you want - but
I have not yet tried a 1.98 build.
- Greg
-----Original Message-----
From: Brian [mailto:blanda@mnsi.net]
Sent: Saturday, July 06, 2002 1:14 PM
To: redhat-list@redhat.com
Cc: users@lists.freeswan.org
Subject: [Users] FreeS/Wan on Redhat 7.3
I have been trying to install FreeS/Wan 1.98b for about one week now and
have gotten NO Where.
My advice to anyone that wants to run FreeS/Wan buy SuSE 8.0 Pro with
FreeS/Wan already included , it will save you from pulling all your hair
out, unless you have no hair to begin with. It seems like redhat does not
like FreeS/Wan for some reason, everytime I get FreeS/Wan to work I need add
another fuction to the kernel then after I think I have it, when I re-start
and get to the part starting IPSEc, IT BOMBS out!!!!, telling KLIPS is now
not part of the kernel...LOL I have tryed to re-compile the kernel and
de-slect the options that I think caused the problem but with no luck...
when I slect the netfilter option, which I need to setup routing , It bombs
out when I restart redhat...