[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [suse-security] Problem with freeswan after 2.4.19 kernel update



Dieter,

Thanks :) have since had a look at the SuSE support pages
(http://www.suse.de/en/private/download/updates/81_i386.html) and ...

'The kernel update for SuSE Linux 8.1 from June 2003 (2.4.19-308)
broke FreeS/WAN. The reason is that the CGL features (USAGI patches) 
that provide superior IPv6 support introduce incompatibilities in 
the pfkey interface that IPsec uses. 
This package has been adatped to work with the new kernel (but 
unfortunately not with the old one.) 
Furthermore, IP compression support has been dropped'

... so I guess, either revert to the old kernel or better still, update
the freeswan packages - will post back if the latter approach works.

Best Regards,

Michael


-----Original Message-----
From: Dieter Kirchner [mailto:dkirchner@xxxxxxxxx] 
Sent: Monday, July 28, 2003 12:55 PM
To: suse-security@xxxxxxxx
Cc: Karl Flannery
Subject: Re: [suse-security] Problem with freeswan after 2.4.19 kernel
update


Hi,

>Since updating our SuSE 8.1 VPN gateway with the latest 2.4.19 kernel 
>update (k_deflt-2.4.19-329), users are reporting problems creating 
>IPsec connections.

>Any ideas how to fix this?

Did you reboot ? If not, try this first. If "depmod -a" after reboot
shows errors, wait for the fix by SuSE (they messed up this update
AFAIK) or compile a new kernel by yourself. Download for the necessary
kernel-patches the super-freeswan (1.98 or so) package, download
kernelsource, decompress both, configure your kernel, change into the
super-freeswan source dir, issue a "make insert" to generate links and
patches, configure the kernel again (this time ipsec will show up),
compile and install the kernel and modules, reboot. This procedure
worked for me. If you do not configure the kernel before "make insert"
the script will complain (it work anyway, I did not test this). This
will fix the broken mppe of SuSE also, for usage with pptpd, if you like
to use this kind of VPN also make sure you have "bsd-compress" option
for ppp enabled too.

Regards,

Dieter

---------------------------------------------------------------
Dieter Kirchner
Systemadministration BUPNET
+49 551 54707 62 D-Goettingen
http://www.bupnet.de
---------------------------------------------------------------


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here