Securing-Optimizing-RH-Linux-1_2_296
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
296
Freeswan version number is 1_3
Packages
Kernel Homepage: http://www.kernelnotes.org/
You must be sure to download: linux-2_2_14_tar.gz
Freeswan Homepage Site: http://www.freeswan.org/
You must be sure to download: freeswan-1_3_tar.gz
Tarballs
It is a good idea to make a list of files on the system before you install FreeS/WAN, and one
afterwards, and then compare them using diff to find out what file it placed where. Simply run
find /* > vpn1 before and find /* > vpn2 after you install the software, and use diff vpn1 vpn2
> vpn to get a list of what changed.
Prerequisites
The installation of IPSEC FreeS/WAN Virtual Private Network software requires some
modification of your original kernel since FreeS/WAN must be included and incorporated in your
kernel before you can use it. For this reason the first step to do for installing FreeS/WAN software
is to go to the Linux Kernel section in this book and follow the instructions to install Linux Kernel
in your system (even if you are already do this before) and come back to Linux FreeS/WAN
VPN (this section) after you have executed the make dep; make clean commands and before
the make bzImage command in the Linux Kernel section.
CAUTION: It is highly recommended to not compile anything in the kernel with a flags optimization
if youre intend to install FreeSWAN software in your system. Any optimization flags added to the
Linux kernel will produce an errors message in the FreeSWAN IPSEC software when it will try to
run, this is an important caution you must care about or nothing will work for FreeSWAN.
Optimization flags we show you in the chapter 5 Configuring and Building a Secure, Optimized
kernels apply without any problem to all sections and chapters of this book but exception exist
for the FreeSWAN IPSEC software. Once again I repeat, dont put/add any optimization
option/flags to your Linux kernel when compiling and patching it to support FreeSWAN.
Compilation of FreeS/WAN
Decompress the tarball (tar.gz).
[root@deep /]# cp freeswan-version_tar.gz /usr/src/
[root@deep /]# cd /usr/src
[root@deep src]# tar xzpf freeswan-version_tar.gz
[root@deep src]# chown -R 0.0 /usr/src/freeswan-version
Compile and insert FreeS/WAN to the kernel
You must modify the Makefile under FreeS/WAN source directory and subdirectories named
utils, klips/utils, Pluto, and lib to specify installation paths. We must modify these files to be
compliant with Red Hat file system structure and install FreeS/WAN files under our PATH
ENVIRONMENT VARIABLE.
Step 1
Move to the top-level directory of the new FreeS/WAN distribution and type the following
commands on your terminal:
Edit the Makefile file (vi Makefile) and change the following lines: