New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !

Openswan (ipsec vpn) on the B3

A collection of tips on howto tweak your Bubba.
Post Reply
Gordon
Posts: 1461
Joined: 10 Aug 2011, 03:18

Openswan (ipsec vpn) on the B3

Post by Gordon »

For those that remember the problems I ran into trying to install Strongswan. Here's the howto for getting things back up with Openswan after upgrading to software version 2.4 (kernel 2.6.39)

First we need to grab some sources, including the kernel source (don't worry - we're not going to do the lengthy compiling of all the existing modules). The source is now a package also, but it's not in the standard tree. We'll add that and let the package run its course.

Code: Select all

# become root first
su -

# enable the source package tree
change_distribution -s elvin
apt-get update

# change to where the source should be kept (/usr/src) and grab the kernel source
cd /usr/src
apt-get source bubba3-kernel
Next we need to add some links to the source in the modules tree:

Code: Select all

# attempt to auto-determine the correct source folder (one-liner!)
sourcedir=`find /usr/src/ -maxdepth 1 -type d -name "linux*" | sort -r | awk 'BEGIN{FS="/"};{print $4;exit}'`

# it's customary to have a symbolic link named 'linux' to the current kernel's source,
# so let's create that
rm -f linux && ln -s ${sourcedir} linux

# change to the current kernel's module tree
cd /lib/modules/`uname -r`

# create symbolic links named 'build' and 'source' towards the kernel source
ln -s ../../../usr/src/${sourcedir} build
ln -s ../../../usr/src/${sourcedir} source
While we're not going to use the kernel source to actually recompile everything Excito already did, we'll still need to prepare it for use:

Code: Select all

# enter the kernel source directory
cd /usr/src/linux

# Verify the config file - standard docs tell to run "make oldconfig", but that
# can be very tedious.
make menuconfig
# => this will pop up an ASCII "graphic" screen. Navigate, using 'down' cursor key,
# to the first line that has either an empty space or a star (*) between brackets in
# front of it. Press space to toggle its value and then again to reset it to original.
# Use 'right' cursor key to select "exit" and press 'enter' - save the configuration.

# We need to generate some build scripts based on the content of the config file
make prepare && make modules_prepare
Almost done now ;)
So now let's get the Openswan source (at time of writing, version 2.6.38 is the latest) and compile the KLIPS module. No comments here - it's the same as in the original post.

Code: Select all

cd /usr/src
wget http://www.openswan.org/download/openswan-2.6.38.tar.gz
tar xjf openswan-2.6.38.tar.gz
cd openswan-2.6.38
make KERNELSRC=/lib/modules/`uname -r`/build module minstall
Currently I still use the Openswan userland tools provided by the debian package which is at the July 2010 version 2.6.28. If you like to make use of newer features you can also build the userland tools from this source, but note that the default install will place the files outside of the normal searchpath in /usr/local.
Gordon
Posts: 1461
Joined: 10 Aug 2011, 03:18

Re: Openswan (ipsec vpn) on the B3

Post by Gordon »

PROBLEM!

I found 2 issues trying to activate my config:

1: The kernel source is corrupted. While compiling the module, it is stamped with an incorrect kernel version, causing it not to load. The fix appears to be to run the following patch content before doing anything else with the source:

Code: Select all

--- Makefile	2012-04-18 15:22:51.000000000 +0200
+++ Makefile	2012-04-18 15:43:02.000000000 +0200
@@ -3,3 +3,3 @@
 SUBLEVEL = 39
-EXTRAVERSION = .4
+EXTRAVERSION = .4-9
 NAME = Flesh-Eating Bats with Fangs
2: People have been nagging about the xfrm and netkey modules needing hours of compile time, but in the current release these have been made part of the kernel. This blocks the loading of the klips module and because netkey barfs the kernel I can now no longer run my VPN.
Post Reply