Re: linux-ipsec: Notes from _trying_ to install & configure Linux FreeS/WAN...

On Wed, 25 Nov 1998, Richard Guy Briggs wrote:
> > Target system is a RedHat 4.2 486 box but it lacks a full set of

I'm reluctant to get into trying to enumerate everything needed; so long as we're using only "the usual" development tools, not anything weird, I am inclined to consider lack of same as a "warranty is void" case.

> Right, make the kernel first and make sure it works, steps 1, 3, 4, 5 say

Step 5 is now more insistent on getting communication going before trying FreeS/WAN, and the new doc/vpn.how document is rather pointed about it.

> I'm thinking the nexthop parameter should disappear and the automatic I/F

Trouble is, there may not *be* an old route that's being replaced. That's especially true in the more security-conscious cases.

> Alright...mcr and I have been talking about updating tcpdump-ascii, I will

Actually, you can verify this easily enough with a stock tcpdump -- if the ping packets start looking like trash, it's probably protected. There is a quick hint about this in doc/vpn.how, which could stand to be fleshed out a bit more with a detailed recipe.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

> Hmmm, this nexthop stuff has to be automated...

Great idea, if there were a way to do that. The information's just not available in the general case.

> It looks like KLIPS was static linked and one of the startup scripts tried

As noted earlier, the setup script tries regardless, just in case. I forget -- is there a quick way to tell whether the kernel already has Klips? Test for /proc/net/ipsec_tncfg?

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)