On Thu, Jun 05, 2003 at 10:32:59PM +0200, Vinai Kopp wrote: > currently I'm setting up a gateway machine for a small office > network. After the recent threads about rooted woody boxes I feel it > would be iresponsible to set up a box without a grsecurity patched > kernel. > The problem is I also need the box to be a VPN gateway. One of > the reasons I got the deal was because I said IPSEC would be a good > solution, so I don't want to back out and use another VPN option > like openvpn. > > There seem to be problems using both the grsecurity and the freeswan > patches (at least I haven't been successfull applying the patches - I > tried the debian versions and the "official" ones from the different > project sites of the patches and the kernel sources). > > Does anybody have debian/stable boxes running kernels with > grsecurity and freeswan? Any hints/experiences to share? Thanks for all the ideas! Now that there is an updated 2.4.18 kernel source in woody I can apply the woody freeswan and grsecurity patches. The grsecurity patch had one reject (I guess because of the PTRACE bugfix) but that was easy to add by hand. Now it's up and running smooth. Hm, should I file a bug against the grsecurity patch, because of the reject with the updated kernel-source from security.debian.org? There is an older (closed) bug (#194523) along the same lines for a kernel-source package from stable-proposed-updates, but nothing for the more recent security.debian.org kernel-source. Greetings, Vinai -- Secure eMail with gnupg: See http://www.gnupg.org/ Please avoid sending me Word, Excel or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Attachment:
pgpbc04pVI7Ca.pgp
Description: PGP signature