Charles - You have a lab rat! I've been trying to get x.509 to work with 2.2.19. I've compiled the utils separately, but pluto doesn't seem to execute correctly unless it's used with the kernel for which it was compiled. I've compiled the 2.2.19 kernel using your 2.2.19-2-source distribution in redhat 7.1 with rpm's installed for backward compatibility. Fine. But when I add in freeswan-1.91, the compile barfs in so many ways (even when using kgcc) - never mind the x.509 patches. The x.509 patches are easy enough to apply . . .

    cd /usr/src
    tar xfz x509patch-0.9.4-freeswan-1.91.tar.gz
    cd x509 . . .
    cp pluto.diff ../freeswan-1.91/pluto
    cp auto.diff ../freeswan-1.91/utils/
    cd fswcert
    cp _confread.patch ../../freeswan-1.91/utils
    cd ../../pluto ; patch -p1 < pluto.diff
    cd ../utils ; patch auto auto.diff ; patch _confread _confread.patch

Then just build as normal. I'd also consider installing the distribution you're using to build the kernel to do this myself if you tell me what it is.

Thanks!
jk

FROM: Charles Steinkuehler
DATE: 11/08/2001 10:49:23
SUBJECT: RE: [Leaf-user] Wanted for Dachstein : IPSec with X.509 patch

> I believe someone has already posted a request for FreeSwan 1.91 with the
> X.509 patch applied. I was wondering if this could be made available in the
> DachStein CDrom image. Is this possible Charles? The added functionality
> would be greatly appreciated.
>
> The reason I ask is that I need to support both subnet to subnet road
> warrior (freeswan to freeswan) and subset to host road warrior (freeswan to
> windows 2000). The difficulty is that windows 2000 only supports PSK and
> X.509 certificates. Freeswan, to support subnet to subnet and subnet to
> host in road warrior, requires 2 different connection entries. Since
> windows 2000 forces me to use PSK, freeswan cannot differentiate between
> the 2 connection types.
>
> Using X.509 certificates for all would allow a connection entry for each
> individual, regardless of type (subnet to subnet or subnet to host).
>
> Sorry to be so long-winded. If anyone can point out a solution not
> requiring X.509 certificates, I would appreciate the suggestion!

The main reason I haven't applied the x.509 patch is twofold: I don't need it, and I have no way of testing it. If someone is willing to play lab rat and test an IPSec package with the patches applied, I'll compile the user-mode code with the patches applied (no mods required to the kernel space code, AFAIK).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
