
Re: FreeS/WAN patch compatibility with freeswan package?

(A late reply)

On Mon, Jan 19, 2004 at 10:41:46AM -0800, Adam Morley wrote:
> Hi,
> I have a server where I'd like to be able to use functionality 
> provided by later versions of the freeswan kernel patch --- namely, 
> 0.9.14 of the X.509 patches provided support for the 
> leftprotoport/rightprotoport.  
> (http://www.strongsec.com/freeswan/install.htm#section_4.5).

That's a nice page.

> I'd rather not have to build my own versions of the freeswan 
> package, but use the one already included with Debian Woody. 
> Is this possible if I'm running a later version of the freeswan 
> kernel patch (like this one: 
> http://www.strongsec.com/freeswan/x509patch-0.9.37-freeswan-1.99.tar.gz)?
> Or will I have to track both the kernel patch and a later version
> of the freeswan tools?
> I thought I could use sarge's freeswan package, but being that 
> I'm rather new to Debian, I don't know a whole lot about just 
> upgrading that one package.  Suggestions for the best "debian way" 
> to do something like this would be helpful.

I can't answer your first question about whether you need to upgrade
freeswan to work with the later kernel patch, but I might say, 
in order to install something from sarge, just update to sarge, 
install it and then update to stable and no one will be any the wiser.

You can simulate install with apt-get -s install freeswan

If it goes in and you change your mind, you will need to
explicitly downgrade, e.g.:
apt-get install freeswan=<version-number>

Some people do this, using mixed releases with Debian stable,
testing, and unstable quite routinely.  I think it's a nice thing
about Debian that it very often works, because of the dependency
checking in .deb files.  It is basically deprecated though, I guess
because some core things have to be in one distribution or other
or they don't work properly, but I don't really know.

More thorough is to backport it, or find a woody backport from
someone reputable.  This avoids recompiling (if possible)
the testing or unstable source on your woody system, which is also
good of course.

Actually, looking now, you may need to recompile it (not difficult).
This is a better answer to the second question, from the archives of
this very list:


Patrick Lesslie
