VPN Server

Charles Steinkuehler charles at steinkuehler.net
Thu Sep 19 21:42:33 CDT 2002


> >The patches required for x.509 support do *NOT* modify the kernel, just
> >the user-mode code.
>
> Trying to patch and compile, using the instructions at
> www.strongsec.com/freeswan.  <QUOTE>
>
> 3.3 Installing FreeS/WAN with X.509 on a fresh kernel
<snip>
> </QUOTE>

And back at you...

www.strongsec.com/freeswan
<QUOTE>
3.4 Adding X.509 on top of a working FreeS/WAN IPsec stack

If you already have a FreeS/WAN enhanced Linux Kernel running and want
to add X.509 functionality afterwards, then you must apply the patch
freeswan.diff as described in section 3.2. In a next step you must
recompile the userland programs by staying in the FreeS/WAN top source
directory and typing

    make programs

followed by

    make install

As a last step you must restart FreeS/WAN to enable the X.509 features

    ipsec setup restart

</QUOTE>
>
> Pre-Patched binary RPM's available for RH and SUSE.  This is a
> mandrake machine (I know, wrong choice for a server)
>
> Any ideas?

If you can grab an unpatched FreeS/WAN for mandrake that includes the
kernel, all you really need is an updated pluto, utils/auto, and
utils/_confread.  If it was my system, I'd grab the source-RPM for
FreeS/WAN on mandrake, install on my build system, patch for x.509, and
build.  Depending on how you want to maintain the system in the future,
I'd then either re-build the RPM binary package and install, or simply
copy the new binaries to the target system.  I would *NOT* use "make
install" from the freeswan source directory if you're trying to use
RPM's to install FreeS/WAN...things could get ugly if you try to
replace/update the RPM sometime in the future (depends a lot on how well
the RPM and FreeS/WAN default file locations match).

Charles Steinkuehler
charles at steinkuehler.net



