Topic: freeswan 1.8 rpm for ES 4 (4.0.1)-already tested

[Jeb Campbell]

Just made a rpm of freeswan 1.8 with kernel 2.2.16-3 for e-smith 4.0 or 4.0.1.  Included are all the steps that tripped me up.  ipsec.o is a module.

Works great with dyndns also.

Charlie or Ken, could I host it on your server? 1.8 megs would kill my modem.  (I could also do a 4.1 when it is released).

I also would like to write a how-to if that's ok, and take people through it step by step -- it's easy looking back on it, just lots of little things to get you caught.

PLS email me if that would be ok (jebc@utk.edu), but I'm going to get some sleep now, this took all night.

[Jason]

Call me stupid but what is freeswan?

[Jeb Campbell]

www.freeswan.org -- it's an implementation of ipsec for linux,bsd, etc.  This lets you do vpn's such as subnet-to-subnet, or host-to-subnet.  This latest one supports rsa authentication, 3des encryption on the data, adjustable key life, multiple tunnels, and data compression between the tunnels.

My setup for a company (and between some of my friends) is as follows.  2048 bits keys on each server for authentication, 3des encryption, 2 hour key life (if someone cracks your key, the most info they can get is 2 hours worth, but you can adjust this), subnet to subnet, and compression.

Basically lets my private 192.168.2.0/24 subnet and another (or as many as you want) like 192.168.0.0./24 be connected securely, it really is great -- you can do anythin over the tunnel like samba or X11 forwarding -- and it's secure.  Feel free to ask any more questions about what it can do, or if I haven't explained it well, just say so.

[Jeb Campbell]

Goto linux.made-to-order.net and click on download on the left menu and the rpm is at the bottom of the page.  Don't forget to goto topics/e-smith and the first one is the freeswan on e-smith how-to, which you should read before installing.

[Tim Litwiller]

actual url for the how to is
http://linux.made-to-order.net/article.php&mode=thread&order=0

[Geoff Bennion]

Does this support people connecting via the internet on
Win98SE clients?
Does it support MS-Compatable encryption/compression?
(ideally we would like to allow home workers to connect to our network via the internet)

[Gordon Rowell]

Jeb Campbell wrote:

> Just made a rpm of freeswan 1.8 with kernel 2.2.16-3 for
> e-smith 4.0 or 4.0.1.  Included are all the steps that tripped
> me up.  ipsec.o is a module.
>
> Works great with dyndns also.
>
> Charlie or Ken, could I host it on your server? 1.8 megs would
> kill my modem.  (I could also do a 4.1 when it is released).
> [...]

e-smith provides hosting for any e-smith related developments.

Please contact me privately and we'll arrange to make it available.

I note that Tim Litwiller has also generously offered to host this,
but I think it would also be useful to have your work directly on
e-smith.org

Gordon

[Tim Litwiller]

I agree, and you know where to get the files to put them there.

Once they are there let me know and I will point the link there instead.

Thanks
Tim Litwiller

[Gordon Rowell]

Tim Litwiller wrote:

> I agree, and you know where to get the files to put them there.
>
> Once they are there let me know and I will point the link there
> instead.

Thanks Tim.

The RPMs, including the SRPM, are now up on ftp.e-smith.org

ftp://ftp.e-smith.com/pub/e-smith/contrib/RPMindex/RPMS/i386/freeswan-1.8-es1.i386.html

The README is available in both the SRPMS and RPMS/i386 directories

The announcement will be up soonish as well.

Gordon