[KLUG Members] Donating time to the open source community.
Bruce Smith
members@kalamazoolinux.org
22 May 2003 09:09:50 -0400
> > > The work I did previously was to add the CIPE VPN package
> > CIPE is the VPN that now comes standard on Redhat 9.
> > More info about CIPE is available here:
> > http://sites.inka.de/~bigred/devel/cipe.html
> > And it's very nice to have native support for CIPE
> > on my firewall now. An easy way to secure wireless!
>
> How "hackable" is Devil Linux? For instance if I wanted to add PPTP
> support (which is pretty easy to do on a RH9 box now)
Devil Linux already supports PPTP (and FreeS/WAN, and a few other
VPN's that I'm not familiar with)
Go to http://www.devil-linux.com/ and click on "Introduction".
Scroll down, and you'll get a list of what packages are included.
The list includes:
o PPTP Client
o PPTP Server
You won't see CIPE listed, along with a whole bunch of other new
packages, because those are in the new release being worked on.
> what general
> process would be involved? Do they use any package mangement system?
No package management system.
They do have some developer/hacking instructions in the docs on
the web site.
Getting started basically involves downloading a base system,
(based on linuxfromscratch.com), downloading the Devil Linux files
from sourceforge CVS, and running a script to download some source
code files from a different FTP server.
Adding a new package involves downloading the source/tar for the
package, creating a script to compile and install it (./configure,
make, make install, ...) and then running some make commands,
which compiles everything and you end up with a new ISO image.
That's a bit over simplified, but the general idea. After I've
been at it a little longer, I'll volunteer to give a presentation
on the subject. (not yet)
If you really intend to go this far, contact me offline, because
there are a few "got ya's" where the developer docs aren't real
clear on a couple items. (been there, been burned)
> Adding encrypted PPTP support requires building a kernel module, but not
> actually modifying the running kernel.
Exactly the same for CIPE. Separate kernel module and a binary.
> I'd love to have something that supports both CIPE and PPTP.
I think a current beta ISO of Devil Linux meets those requirements.
> I've pretty much given up on ipSec - what a cluster *$&@( @#)$(_
> @@#$!!. Did someone sit down and say, "Hmmm, lets make a really hard to
> use VPN technology that every firewall will hate, will have road
> warriors riping their hair out in fist fulls, and having DNS admins
> looking at the modification requests with a `WTF` expression."?
NO KIDDING!!!
I had FreeS/WAN running on Devil Linux & my laptop (back in Redhat 8.0),
and besides being hard and confusing, it was UNSTABLE. The VPN kept
going down, requiring manual restarts!
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------