模板
教程
环境
性能
功能
管理
freeswan 文档摘录
发表于:2007-05-26来源:作者:点击数:
标签:
1)Building and installing the software 2)Testing to see if install succeeded Building and installing the software There are several ways to build and install the software. All require that you have kernel source, correctly configured for y
1)Building and installing the software
2)Testing to see if install suclearcase/" target="_blank" >cceeded
Building and installing the software
There are several ways to build and install the software. All require that you have kernel source, correctly configured for your machine, as a starting point. If you don't have that yet, see the previous section
Whatever method you choose, it will do all of the following:
- add FreeS/WAN code to the kernel
- insert patches into standard kernel code to provide an interface
- add additional files which use that interface
- re-configure and re-compile the kernel to activate that code
- install the new kernel
- build the non-kernel FreeS/WAN programs and install them
- ipsec(8) in /usr/local/sbin
- others in /usr/local/lib/ipsec
- install FreeS/WAN man pages under /usr/local/man
- create the configuration file ipsec.conf(5). Editing this file to configure your IPSEC gateway is described in the next section.
- create an RSA public/private key pair for your system and place it in ipsec.secrets(5)
- install the initialisation script /etc/rc.d/init.d/ipsec
- create links to that script from the /etc/rc.d/rc[0-6].d directories so that each run level starts or stops IPSEC. (If the previous sentence makes no sense to you, try the From Power-up to Bash Prompt HowTo).
Testing to see if install succeeded
To check that you have a sucessful install, you can reboot and check (by watching messages during boot or by looking at them later with dmesg(8)) that:
- the kernel reports the right version. If not, you are likely still running your old kernel. Check your lilo.conf(5) file and the installation directory (defined in the kernel make file, often /boot but the default is /), then rerun lilo(8).
- KLIPS initialisation messages appear
- Pluto reports that it is starting
You can also try the commands:
- ipsec --version, to test whether /usr/local/bin is in your path so you can use IPSEC administration commands
- ipsec whack --status, using ipsec_whack(8) to ask Pluto for status information
Of course any status information at this point should be uninteresting since you have not yet configured connections.
