Re: [Users] (no subject)

From: Sam Sgro (sam_at_freeswan.org)
Date: Wed Nov 06 2002 - 03:00:52 CET



On Wed, 6 Nov 2002, swcims wrote:

> Hello,
> I am a freshman at using freeswan-1.99. My machine: redhat 7.1. There are some questions I need help with:
> 1. Where will I install freeswan? On the left and right gateways? On all machines in the left and right LANs?

Well, that depends on what you are trying to achieve; a subnet-to-subnet
configuration only requires the gateway machines for those subnets. If
you need to protect the traffic between two or more hosts on your LAN, you
will want to install FreeS/WAN on those hosts.

> 2. I updated linux kernel from 2.4.2-2 to 2.4.19. After installing freeswan, I enter "/etc/rc.d/init.d/ipsec restart". Then it will show: "ipchains: Protocol not available". But you know, ipchains is replaced by iptables.

Yikes; that ipchains "spam" is relatively innocent.

It represents a (rudimentary) shot at poking a hole in your firewall; if we
find the file "/etc/sysconfig/ipchains", and can't find an ipchains allowing
IKE traffic, we'll try to issue ipchains rules along those lines. If they
fail, you get that result.

This doesn't compromise FreeS/WAN, though, as long as you ensure that your
firewall rules permit IKE/IPSec traffic. If you can revert to this
configuration, rest assured that all should be well.

You know, you could have upgraded your kernel to the latest one released for
RedHat 7.1 - 2.4.9-34 - and used one of our handy dandy RPMs with
little effort?

> So I downloaded iptables-1.2.7a and ran "make", "make install". Then I typed "make menuconfig", selected "Netfilter ..." in "Network Options", and selected "ipchains (...) support".
> I recompiled the kernel.
> However, Ipsec is absolutely broken - "....Broken shell!".
> Would you please give me some answers? Thanks a lot!

If you can revert to your earlier compiled kernel, do so without worry. If
not, perhaps you've recompiled the kernel without IPSec support (the kernel
sources should be patched from your earlier install). If you've chosen modular
IPSec support, did you forget "make modules" and "make modules_install"?

Try recompiling the kernel from our sources, using "make menugo".

--
Sam Sgro
sam_at_freeswan.org


_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
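
The reply above says the firewall rules must permit IKE/IPSec traffic. As an added example (not part of the original message and not FreeS/WAN's own script), this shell function checks `iptables-save` output for explicit ACCEPT rules for IKE (UDP port 500), ESP (IP protocol 50) and AH (IP protocol 51). The sample ruleset and the function names are constructed for illustration.

```shell
# Added example: look for explicit ACCEPT rules for IPsec in iptables-save output.
# IKE = UDP port 500, ESP = IP protocol 50, AH = IP protocol 51.

# Constructed sample ruleset (not from the original message).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# has_accept RULES CHAIN WHAT: succeeds if CHAIN holds an ACCEPT rule for
# WHAT (ike | esp | ah). Rule order and negated matches are not evaluated.
has_accept() {
    printf '%s\n' "$1" | awk -v chain="$2" -v what="$3" '
        $1 == "-A" && $2 == chain {
            proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target != "ACCEPT") next
            if (what == "ike" && (proto == "udp" || proto == "17") &&
                (dport == "500" || dport == "")) found = 1
            if (what == "esp" && (proto == "esp" || proto == "50")) found = 1
            if (what == "ah"  && (proto == "ah"  || proto == "51")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# audit_ipsec_rules RULES: report each protocol on INPUT; fails if any is missing.
audit_ipsec_rules() {
    missing=0
    for what in ike esp ah; do
        if has_accept "$1" INPUT "$what"; then
            echo "INPUT $what: ACCEPT rule present"
        else
            echo "INPUT $what: no explicit ACCEPT rule"
            missing=1
        fi
    done
    return "$missing"
}

# On a live gateway, pass "$(iptables-save)" instead of the sample.
audit_ipsec_rules "$SAMPLE_RULES" || echo "at least one protocol is not explicitly accepted"
```

A missing AH rule only matters if the connection actually uses AH; on a gateway forwarding tunnel traffic, the FORWARD chain needs its own review.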



This archive was generated by hypermail 2.1.5 : Thu Nov 07 2002 - 05:20:39 CET