[CentOS] VPN

Tue May 24 09:20:28 UTC 2005
Peter Farrow <peter at farrows.org>

go to rpm.pbone.net and click on the advanced search

enter    kernel-2.4.21-15  and download a 2.4.21-15 kernel to match your 
freeswan rpms, regressing from 2.4.21-27 to 2.4.21-15 will not be 
problem for you unless a system chipset driver is missing in which case 
you may lose a network card or get slower disk performance.

You can check the disk performance on each kernel with

hdparm -t /dev/hda for example if you have an ide drive....

The most likely (but still improbable) problem you will get is a slower 
chipset disk driver....  but I would bet money on it being ok...

P.


Simone wrote:

> Well, I would use lastest 2.4 kernel, 2.4.21-27.0.4, but  I downloaded 
> freeswan-utils-2.05 and kernel-module-freeswan-2.05 from dags 
> repository for kernel 2.4.21-15 and I am giving it a try with that 
> kernel. I would certainly appreciate if you could provide a set for 
> the latest 2.4 kernel, and even more I would appreciate if you could 
> tell me how to find it myself. I have seen on freeswan's website that 
> I can grab the srpms, so I was wondering if recompilig could be an 
> option (maybe with dag's spec file?) to always have a working freeswan 
> set no matter which kernel I am using.
>
> Thanks again, have a nice day
>
> Simone
>
> Peter Farrow wrote:
>
>> Give me your kernel version and I will find you an Ipsec compatible 
>> set .....
>>
>> I have used 2.4.20... with IPSec...
>>
>> P.
>>
>>
>> Simone wrote:
>>
>>> Thanks, for all the suggestions, this is so helpful.
>>> I have to say I thought using the redhat-config-network tool was the 
>>> easiest way to do it, but once again I realize how graphical tools 
>>> can be misleading sometimes. I have no ipsec.conf anywhere, so I 
>>> assume I am not using freeswan. I checked on the site, but I cannot 
>>> find any freeswan for kernel 2.4.21-* looks like there's only 2.4.20 
>>> or 2.4.22, so I am stuck. Checked the old updates for a 2.4.20 
>>> kernel but couldn't find any. If anyone can point me somewhere I can 
>>> find a kernel suitable for freeswan I'd appreciate (running CentOS 3).
>>> I am not stuck with any solution, so OpenVPN is an option, although 
>>> I found this good guide to make it work between cisco pix and 
>>> freeswan and I'd rather give it a try. I red on the site that 
>>> freeswan is no more under development, should this worry us?
>>> And final consideration, the box I am trying to VPN is the natting 
>>> gateway, so thanks for the hints on iptables configuration.
>>>
>>>
>>> Simone
>>>
>>> Peter Farrow wrote:
>>>
>>>> on average i takes me less than 5 minutes to setup vpn with 
>>>> freeswan.....
>>>>
>>>> 4 mins of this usually involve finding the right kernel versions....
>>>>
>>>> P.
>>>> :-)
>>>>
>>>> If anyone wants to know the easyway to use freeswan drop me aline 
>>>> it really is very simple.
>>>>
>>>>
>>>> Les Mikesell wrote:
>>>>
>>>>> On Mon, 2005-05-23 at 13:44, Jonathan wrote:
>>>>>
>>>>>  
>>>>>
>>>>>>> IF you are not stuck to IPSec, you might want to take a look at 
>>>>>>> OpenVPN (www.openvpn.org). I found OpenVPN easier to install 
>>>>>>> than FreeSWAN (an IPSEC VPN) and have setup an OpenVPN solution 
>>>>>>> between my German office and our mainoffice in a matter of hours.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>     
>>>>>>
>>>>>>
>>>>>>
>>>>>> I have to second (resoundingly) Thom on this one.  FreeSWAN is 
>>>>>> perhaps the most painful tool I have ever dealt with on a linux 
>>>>>> system, and I would avoid it if you could.  OpenVPN is much more 
>>>>>> user friendly, though ultimately my company ended up using 
>>>>>> hardware appliances here (turned out to be cheaper than paying 
>>>>>> the sysadmin regularly to keep things up).
>>>>>>   
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> If you are running Centos 3.x you still have CIPE as a 
>>>>> fill-in-the-form
>>>>> option in the redhat-config-network GUI (Click the 'new' button above
>>>>> the devices tab).  Unfortunately it is gone in Centos 4.
>>>>>
>>>>>  
>>>>>
>>>> ------------------------------------------------------------------------ 
>>>>
>>>>
>>>> _______________________________________________
>>>> CentOS mailing list
>>>> CentOS at centos.org
>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>  
>>>>
>>>
>>> _______________________________________________
>>> CentOS mailing list
>>> CentOS at centos.org
>>> http://lists.centos.org/mailman/listinfo/centos
>>
>>
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos