[suse-security] Solved: How to apply IPSec NAT-Traversal Patch to SuSE8.2-Kernel ?
Special thanks to Andreas and Carl (JJ), due to your hints I solved
my problem. Though I don't have a patched *and* running kernel yet,
I achieved my goal to connect several Private-IP-Subnets through
my VPN. Here's a short summary:
Andreas Thierer wrote:
> I also needed NAT-Traversal with FreeSWAN.
> First I wanted to apply the NAT-Traversal-Patch, like you,
> but then I saw that the X.509-Patch also has a NAT-Traversal-
> functionality. This X.509-Patch is applied to the FreeSWAN-
> package shipped with SuSE 8.2.
Yes, you're right. I just couldn't believe that it's so simple :-).
Obviously it's not necessary to apply the kernel patch...
..this brought the solution.
Perhaps one will have trouble when trying to connect several
Networks that incidentally use the same private IP-Range, but right
now this is not the case in my setup.
J J wrote:
> Is your new kernel missing reiserfs.o in the /lib/modules/<kernel
> version>/kernel/fs/reiserfs/ directory?
No, it exists there.
> If not then you have probably got a faulty config.
Yes, now I suppose that's the reason, too. Unfortunately I can't
imagine why... Just as you described I did a zcat /proc/config.gz >
.config and then a make xconfig after I patched the kernel. But
unfortunately what you describe in the following lines...
> You've already patched the kernel so future compiles will give
> the Ipsec options that you need.
> Then you should have a configuration
> that's identical to your working configuration but with any
> choose to make. The obvious changes are to switch on Ipsec, the NAT
> traversal and X509 patches...
was not the case, there were no options for ipsec available before
I did those "strange" makefile targets in
.../kernel_modules/zz_freeswan. Is it possible that patching went
wrong although Ret.Code was 0?
> If the build process did make reiserfs.o but you're still getting a
> kernel panic then the problem is probably in the initrd.
I don't think so. I studied mkinitrd -h, think that I did it all
correctly and the same procedure is successful on other occasions.
Anyway, in further inquiries I found some hints that
Kernel-Parameter CONFIG_REISERFS_FS_POSIX_ACL could be related to
my problem. In my xconfig this is displayed black, not grey, but
anyway it's not possible to change it. Another thing that made me
wonder: zcat /proc/config.gz > .config; make xconfig -> save
*without any changes* into file .config2 and quit; then a
diff .config .config2 shows a lot of differences. Does anybody know
why this is so?
Apart from this many thanks to all contributors...:-)