One vital piece of information you have failed to mention is the exact version of freeswan you are trying to work with... I can say I'm running Debian 3.0 current with security updates which I have built a 2.4.20 kernel with the freeswan 1.99 from unstable... The kernel was patched with the kernel-patch-freeswan-ext patch to include the extra encryption algorithms and is working flawlessly so far... I've even got a Windows 2000 laptop running SSH Sentinel to connect with it using X.509 authentication... You keep saying your trying to patch freeswan but I think you may not be aware if you are using the Debian freeswan package source it is already patched with several patches not in the official freeswan distribution... The 1.99 package from unstable has the most recent X.509, AES ALGO, Notify Delete SA and NAT-Traversal patches already applied to it... If you would like to discuss things one-on-one you're free to contact me directly and I will try to assist you in your problems but the only real problem I had was in configuring the ipsec.conf for freeswan-freeswan and freeswan-sentinel connections with DHCP-over-IPSec and that now is a non-issue except for a few operational issues... Regards, Jeremy On Sat, Apr 05, 2003 at 09:04:54AM -0800, Steve Jr Ramage wrote: > Well continuing the problem, I have moved from the original one, > appended at the bottom. Now something else is wrong, basically the > following out put. I had to use 'export PATCH_THE_KERNEL=YES' (thanks > Kenneth). Now the kernel compile asks me a bunch of IPSEC questions and > then later it does this. I have done a make-kpkg clean, and a make dep, > on both systems. There doesn't seem to be anything wrong. I did download > the freestwan package. Is there anything else I need? > > Steve Ramage > > /usr/src/kernel-fermat/net/ipsec/ext/ipsec_ext_aes-opt.c(.text+0x9c): > multiple definition of `ipsec_aes_init' > ipsec_aes.o(.text+0x10c):/usr/src/kernel-fermat/net/ipsec/ext/ipsec_ext_ > aes.c: first defined here > ld: Warning: size of symbol `ipsec_aes_init' changed from 283 to 123 in > ipsec_aes-opt.o > ipsec_aes-opt.o: In function `AES_cbc_encrypt': > /usr/src/kernel-fermat/net/ipsec/ext/libaes-opt/aes_cbc.c:8: multiple > definition of `aes_encrypt' > ipsec_aes.o:/usr/src/kernel-fermat/net/ipsec/ext/libaes/aes_cbc.c:9: > first defined here > make[5]: *** [ipsec_ext_static.o] Error 1 > make[5]: Leaving directory `/usr/src/kernel-fermat/net/ipsec/ext' > make[4]: *** [ext/ipsec_ext_static.o] Error 2 > make[4]: Leaving directory `/usr/src/kernel-fermat/net/ipsec' > make[3]: *** [first_rule] Error 2 > make[3]: Leaving directory `/usr/src/kernel-fermat/net/ipsec' > make[2]: *** [_subdir_ipsec] Error 2 > make[2]: Leaving directory `/usr/src/kernel-fermat/net' > make[1]: *** [_dir_net] Error 2 > make[1]: Leaving directory `/usr/src/kernel-fermat' > make: *** [stamp-build] Error 2 > > -----Original Message----- > From: Steve Jr Ramage [mailto:sjr@sjrx.net] > Sent: April 5, 2003 05:36 > To: 'users-admin@lists.freeswan.org'; 'debian-security@lists.debian.org' > Subject: Debian Kernel's and FreeSwan > > > First and foremost, as the issue will probably demonstrate I'm relative > to Linux, so bare with me. > Basically I am trying to get FreeSwan to run as server, but can't get > the patch to work. > All my system's are running debian 3.0r0, and kernel 2.4.18 (my own > make). > My System(s): > 1) HP Netserver LS 5/166: 2 Intel Pentium 166, 128 MB RAM, running > stable. > 2) Pentium III-550, 128 MB RAM, running unstable/testing > 3) Pentium 200 MMX , 64 MB RAM, running stable. > > For you freeswan people(this message was cross posted to freeswan and > debian mail lists). Debian has its own method of installing/making a > kernel, and although I can compile one with what I assume to be the > regular way, I'd prefer to do it the Debian way, and I am having > problems with that. > > Anyway I can succesfully complete and install a compiled kernel, but I > am only trying to add a freeswan patch, so I have no idea if it's just > my syntax or the specific package. > > I have the freeswan kernel patch, it exists in > /usr/src/kernel-patches/all/, aswell it exists in .../apply and > .../unpatch. > > I then proceed to the kernel build directory and type make-kpkg > --added-patches freeswan kernel_image, then install it dpkg -i > (filename). I have also tried 'set PATCH_THE_KERNEL=YES' also tried > sticking something akin to that in the .config file to know avail. I > have searched google, can't find the guide I had a long time ago (been > trying for a few months). Anyone have any ideas, or can point me towards > a guide, that will go STEP by STEP. > > Thanks, > > > Steve Ramage. > > > > -- > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org >
Attachment:
pgpMUJi_1YNtG.pgp
Description: PGP signature