[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Antw: [suse-security] How to apply IPSec NAT-Traversal Patch to SuSE8.2-Kernel ?
I also needed NAT-Traversal with FreeSWAN.
First i wanted to apply the NAT-Traversal-Patch, like you,
but then i saw, that the X.509-Patch has also an NAT-Traversal-
functionality. This X.509-Patch is applied to the FreeSWAN-
paket shipped with SuSE 8.2.
>>> Elmar Marschke <elmar.marschke@xxxxxxxx> 27.09.2003 18:15:04 >>>
i installed a VPN with a SuSE8.2 2.4.20-4GB kernel and a
freeswan_1.99_0.9.23-20 as provided by the 8.2 distribution.
Everything including x509-Support is tested and working fine.
Now i want to add NAT-Traversal functionality. As written in
/u/s/d/p/freeswan/README.SuSE the NAT-Traversal Patches (written by
Mathieu Lafon) for the *freeswan-package* are already inserted in
the package provided by SuSE.
But to get it running one has also to patch the *kernel* with the
fswan-nat-t-kernel.diff, they write, and which is provided in the
I applied the patch to my kernel-sources (Return Code=0) and
recompiled the kernel:
- make oldconfig (perhaps wrong?? don't know what this exactly is
-i took a look in make xconfig and noticed that there were no
possibilities to do configuration for IPSec, but at that moment i
- changed the Makefile's Extraversion Number..
- make dep
- make clean
- make bzImage
- make modules
- make modules_install
I prepared my bootloader and did mkinitrd for that kernel. Booting
with that kernel was ok, but ipsec did'nt start anymore:
"ipsec_setup:modprobe: can't locate module ipsec. Kernel appears to
I booted my old kernel again and according to some mails of this
list i took a look into .../kernel_modules/zz_freeswan/Makefile and
in that directory:
- make insert
Result: make xconfig in /usr/src/linux did'nt work anymore.
- make kmodule
Result: make xconfig didn't work yet.
- make klink
Result: make xconfig worked again! And it had configuration-options
for IPSec!! I configured this -i took all the defaults i found
there, the only thing i changed was the IPSec-Stuff- and compiled
another kernel exactly as described above (except that i used
xconfig instead oldconfig). Every step gave a Return Code of 0.
Result when booting this new kernel:
"Kernel panic: unresolved symbol reiserfs.o" (which is my boot
can anyone give me a hint about the correct way to apply this patch
and get a working kernel?
*Which* make -steps / targets do i have to take in .../zz_freeswan/
(e.g. what about oldmod?) and perhaps in /usr/src/linux, and **in
Any help would be greatly appreciated.. thnxalot!
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here