
Securing-Optimizing-RH-Linux-1_2_299
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

[root@deep linux]# make config

NOTE: The difference from the “make config” command we ran before is that a new section related to FreeS/WAN has now been included in our kernel configuration, so we must reconfigure the kernel to customize the IPSec options and make them part of the kernel.

The first thing you need to do is ensure that your kernel has been built with FreeS/WAN support enabled. In the 2.2.14 kernel version, a new section related to FreeS/WAN VPN support named “IPSec options (FreeS/WAN)” appears in your kernel configuration after you have patched the kernel with the FreeS/WAN program as described above. You need to ensure that you have answered Y to the following questions under the new section:

IPSec options (FreeS/WAN)
IP Security Protocol (FreeS/WAN IPSEC) (CONFIG_IPSEC) [Y/n/?]
IPSEC: IP-in-IP encapsulation (CONFIG_IPSEC_IPIP) [Y/n/?]
IPSEC: PF_KEYv2 kernel/user interface (CONFIG_IPSEC_PFKEYv2) [Y/n/?]
IPSEC: Enable ICMP PMTU messages (CONFIG_IPSEC_ICMP) [Y/n/?]
IPSEC: Authentication Header (CONFIG_IPSEC_AH) [Y/n/?]
HMAC-MD5 authentication algorithm (CONFIG_IPSEC_AUTH_HMAC_MD5) [Y/n/?]
HMAC-SHA1 authentication algorithm (CONFIG_IPSEC_AUTH_HMAC_SHA1) [Y/n/?]
IPSEC: Encapsulating Security Payload (CONFIG_IPSEC_ESP) [Y/n/?]
3DES encryption algorithm (CONFIG_IPSEC_ENC_3DES) [Y/n/?]
IPSEC Debugging Option (DEBUG_IPSEC) [Y/n/?]

NOTE: All customizations you made to your kernel the first time you ran the “make config”, “make dep”, and “make clean” commands will be preserved. So you don’t need to reconfigure every part of your kernel, just the new section added by FreeS/WAN named “IPSec options (FreeS/WAN)” as shown above.
Some networking options will get turned on automatically even if you previously turned them off; this is because IPSEC needs them. Whichever configuration program you are using, you should pay careful attention to a few issues: in particular, do NOT disable any of the following under the “Networking Options” of your kernel configuration:

Kernel/User netlink socket (CONFIG_NETLINK) [Y/n/?]
Netlink device emulation (CONFIG_NETLINK_DEV) [Y/n/?]

Compile and install the new kernel with FreeS/WAN

Now that we have included support for FreeS/WAN VPN in the kernel, we can compile and install the new kernel.

· Return to the “/usr/src/linux” directory and run the following commands again:
[root@deep linux]# make dep; make clean; make bzImage

After execution of the commands above, follow the rest of the instructions in the Linux Kernel section of this book (Chapter 5 Configuring and Building a secure, optimized Kernels) as normal to install the kernel. At this point, after you have copied and installed your new kernel image, System.map, or modules (if necessary), and set the lilo.conf file to load the new kernel, you must edit and customize the FreeS/WAN configuration files “ipsec.conf” and “ipsec.secrets” before rebooting your system.

Cleanup after work
[root@deep /]# cd /usr/src
[root@deep src]# rm -rf freeswan-version/ freeswan-version_tar.gz
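
An added example, not taken from the book: a shell function that checks a kernel .config for the “IPSec options (FreeS/WAN)” and netlink options listed above, so a wrong answer is caught before “make dep” is run. It assumes the usual .config line formats (“SYMBOL=y”, “SYMBOL=m”, “# SYMBOL is not set”); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): check a kernel .config for the options
# the page says must be answered Y before building with FreeS/WAN.

# Symbols copied from the page. The debugging option is left out because the
# page prints it as DEBUG_IPSEC rather than as a CONFIG_ symbol.
REQUIRED="CONFIG_IPSEC CONFIG_IPSEC_IPIP CONFIG_IPSEC_PFKEYv2 CONFIG_IPSEC_ICMP
CONFIG_IPSEC_AH CONFIG_IPSEC_AUTH_HMAC_MD5 CONFIG_IPSEC_AUTH_HMAC_SHA1
CONFIG_IPSEC_ESP CONFIG_IPSEC_ENC_3DES CONFIG_NETLINK CONFIG_NETLINK_DEV"

# check_freeswan_config FILE
# Prints one line per option that is not built in (=y).
# Returns 0 when every option is =y, 1 when any is not, 2 if FILE is unreadable.
check_freeswan_config() {
    cfg=$1
    bad=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for sym in $REQUIRED; do
        # Anchored match: CONFIG_IPSEC must not be satisfied by CONFIG_IPSEC_AH=y.
        if grep -q "^${sym}=y\$" "$cfg"; then
            continue
        elif grep -q "^${sym}=m\$" "$cfg"; then
            echo "MODULE $sym"      # built as a module, the page asks for Y
        elif grep -q "^# ${sym} is not set\$" "$cfg"; then
            echo "DISABLED $sym"
        else
            echo "ABSENT $sym"      # option was never offered by make config
        fi
        bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample: a .config fragment with three deliberate problems.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETLINK=y
# CONFIG_NETLINK_DEV is not set
CONFIG_IPSEC=m
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_PFKEYv2=y
CONFIG_IPSEC_ICMP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y
CONFIG_IPSEC_ESP=y
EOF
}
```

Against the real tree, call check_freeswan_config /usr/src/linux/.config after “make config”. An ABSENT line means the option was never offered during configuration, for example because the source tree was not patched with FreeS/WAN.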