go to rpm.pbone.net and click on the advanced search enter kernel-2.4.21-15 and download a 2.4.21-15 kernel to match your freeswan rpms, regressing from 2.4.21-27 to 2.4.21-15 will not be problem for you unless a system chipset driver is missing in which case you may lose a network card or get slower disk performance. You can check the disk performance on each kernel with hdparm -t /dev/hda for example if you have an ide drive.... The most likely (but still improbable) problem you will get is a slower chipset disk driver.... but I would bet money on it being ok... P. Simone wrote: > Well, I would use lastest 2.4 kernel, 2.4.21-27.0.4, but I downloaded > freeswan-utils-2.05 and kernel-module-freeswan-2.05 from dags > repository for kernel 2.4.21-15 and I am giving it a try with that > kernel. I would certainly appreciate if you could provide a set for > the latest 2.4 kernel, and even more I would appreciate if you could > tell me how to find it myself. I have seen on freeswan's website that > I can grab the srpms, so I was wondering if recompilig could be an > option (maybe with dag's spec file?) to always have a working freeswan > set no matter which kernel I am using. > > Thanks again, have a nice day > > Simone > > Peter Farrow wrote: > >> Give me your kernel version and I will find you an Ipsec compatible >> set ..... >> >> I have used 2.4.20... with IPSec... >> >> P. >> >> >> Simone wrote: >> >>> Thanks, for all the suggestions, this is so helpful. >>> I have to say I thought using the redhat-config-network tool was the >>> easiest way to do it, but once again I realize how graphical tools >>> can be misleading sometimes. I have no ipsec.conf anywhere, so I >>> assume I am not using freeswan. I checked on the site, but I cannot >>> find any freeswan for kernel 2.4.21-* looks like there's only 2.4.20 >>> or 2.4.22, so I am stuck. Checked the old updates for a 2.4.20 >>> kernel but couldn't find any. If anyone can point me somewhere I can >>> find a kernel suitable for freeswan I'd appreciate (running CentOS 3). >>> I am not stuck with any solution, so OpenVPN is an option, although >>> I found this good guide to make it work between cisco pix and >>> freeswan and I'd rather give it a try. I red on the site that >>> freeswan is no more under development, should this worry us? >>> And final consideration, the box I am trying to VPN is the natting >>> gateway, so thanks for the hints on iptables configuration. >>> >>> >>> Simone >>> >>> Peter Farrow wrote: >>> >>>> on average i takes me less than 5 minutes to setup vpn with >>>> freeswan..... >>>> >>>> 4 mins of this usually involve finding the right kernel versions.... >>>> >>>> P. >>>> :-) >>>> >>>> If anyone wants to know the easyway to use freeswan drop me aline >>>> it really is very simple. >>>> >>>> >>>> Les Mikesell wrote: >>>> >>>>> On Mon, 2005-05-23 at 13:44, Jonathan wrote: >>>>> >>>>> >>>>> >>>>>>> IF you are not stuck to IPSec, you might want to take a look at >>>>>>> OpenVPN (www.openvpn.org). I found OpenVPN easier to install >>>>>>> than FreeSWAN (an IPSEC VPN) and have setup an OpenVPN solution >>>>>>> between my German office and our mainoffice in a matter of hours. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> I have to second (resoundingly) Thom on this one. FreeSWAN is >>>>>> perhaps the most painful tool I have ever dealt with on a linux >>>>>> system, and I would avoid it if you could. OpenVPN is much more >>>>>> user friendly, though ultimately my company ended up using >>>>>> hardware appliances here (turned out to be cheaper than paying >>>>>> the sysadmin regularly to keep things up). >>>>>> >>>>> >>>>> >>>>> >>>>> >>>>> If you are running Centos 3.x you still have CIPE as a >>>>> fill-in-the-form >>>>> option in the redhat-config-network GUI (Click the 'new' button above >>>>> the devices tab). Unfortunately it is gone in Centos 4. >>>>> >>>>> >>>>> >>>> ------------------------------------------------------------------------ >>>> >>>> >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> http://lists.centos.org/mailman/listinfo/centos >>>> >>>> >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >> >> >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> http://lists.centos.org/mailman/listinfo/centos >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos