Installing IPsec Tools

The IPsec-Tools software started as a port of the KAME IPsec utilities to the Linux platform. The most important component of this software is an advanced Internet Key Exchange daemon that can be used to automatically key IPsec connections. For our test environment, we require version 0.7 or later, which will need to be downloaded and compiled manually. To obtain the download URL for the latest version of the IPsec Tools source code archive, please visit the IPsec Tools SourceForge web page.



Fedora Core 6



Fedora Core 6 will have an older version of IPsec Tools already installed. Before a new version can be installed, you will need to remove the existing version. To look up the name of the installed package, use the rpm and grep utilities as shown below:


rpm -qa | grep ipsec-tools


In this example, the ipsec-tools-0.6.5-6 package is currently installed. To remove the package, use the rpm utility as shown below:


rpm -e ipsec-tools-0.6.5-6


Once you have uploaded the latest stable IPsec Tools source code archive to the Gateway, you can extract the distribution using the tar utility as shown below:


tar zxvf <ipsec tools archive>

Note: If you downloaded a bzip archive instead of a gzip archive, use jxvf instead of zxvf with the tar command.


Next, change to the newly created directory as shown below:


cd <ipsec tools directory>


Before compiling the software, the configure script needs to be used to set some compile parameters and enable some advanced options. To view a list of all available options, execute the configure script with the --help switch as shown below:


./configure --help


The default install prefix for ipsec tools is /usr/local. Because Linux typically installs software in /usr and expects configuration files to exist under /etc, you will need to add some extra options to cope with these differences. The other options shown below are to enable XAuth, Dead Peer Detection, IKE Fragmentation and NAT Traversal support. Execute the configure script as shown below:


./configure --prefix=/usr --sysconfdir=/etc/racoon --enable-hybrid --enable-frag --enable-dpd --enable-natt


To compile and install the software, use the make command as shown below:


make

make install



FreeBSD 6.2



Once you have uploaded the latest stable IPsec Tools source code archive to the Gateway, you can extract the distribution using the tar utility as shown below:


tar zxvf <ipsec tools archive>

Note: If you downloaded a bzip archive instead of a gzip archive, use jxvf instead of zxvf with the tar command.


Next, change to the newly created directory as shown below:


cd <ipsec tools directory>


Before compiling the software, the configure script needs to be used to set some compile parameters and enable some advanced options. To view a list of all available options, execute the configure script with the --help switch as shown below:


./configure --help


The default install prefix for ipsec tools is /usr/local. This is the normal location for add-on software in FreeBSD so you won't need any extra options to deal with this. The other options shown below are to enable XAuth, Dead Peer Detection, IKE Fragmentation and NAT Traversal support. Execute the configure script as shown below:


./configure --sysconfdir=/usr/local/etc/racoon --enable-hybrid --enable-frag --enable-dpd --enable-natt

Note: The last option on the line (--enable-natt) is only valid if the NAT Traversal kernel patch was applied.


To compile and install the software, use the make command as shown below:


make

make install



NetBSD 3.1



Once you have uploaded the latest stable IPsec Tools source code archive to the Gateway, you can extract the distribution using the tar utility as shown below:


tar zxvf <ipsec tools archive>

Note: If you downloaded a bzip archive instead of a gzip archive, use jxvf instead of zxvf with the tar command.


Next, change to the newly created directory as shown below:


cd <ipsec tools directory>


Before compiling the software, the configure script needs to be used to set some compile parameters and enable some advanced options. To view a list of all available options, execute the configure script with the --help switch as shown below:


./configure --help


The default install prefix for ipsec tools is /usr/local. NetBSD ships with an older version of ipsec tools installed in the /usr prefix and expects configuration files to exist under /etc. If you choose to overwrite the current version you will need to add some extra options to cope with these differences. You may choose to install the new version of ipsec tools in a different prefix but there may be issues associated with having multiple library versions installed in different paths. The other options shown below are to enable XAuth, Dead Peer Detection, IKE Fragmentation and NAT Traversal support. To overwrite the existing version, execute the configure script as shown below:


./configure --prefix=/usr --sysconfdir=/etc/racoon --enable-hybrid --enable-frag --enable-dpd --enable-natt


To compile and install the software, use the make command as shown below:


make

make install
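
The following script is an added example, not part of the original guide or of the IPsec Tools distribution. It audits a configured source tree on any of the three platforms above by reading the configure invocation that autoconf records in config.log and checking it for the four feature switches and the expected sysconfdir. The function names and the script name check_build.sh are hypothetical, and it assumes the standard autoconf log layout.

```sh
#!/bin/sh
# Added example (not from the original guide): audit a configured ipsec-tools
# source tree against the configure options this guide uses.
# Assumption: config.log is the standard autoconf log, which records the
# invocation as a line of the form "  $ ./configure <args>".

# Feature switches from the guide: XAuth/hybrid, IKE frag, DPD, NAT-T.
REQUIRED_FLAGS="--enable-hybrid --enable-frag --enable-dpd --enable-natt"

# Print the recorded configure command line from the given config.log.
configure_invocation() {
    sed -n 's/^[[:space:]]*\$ \(.*configure.*\)$/\1/p' "$1" | head -n 1
}

# Print the value of --<name>=<value> (last occurrence wins, as in configure).
option_value() {
    configure_invocation "$1" | tr ' ' '\n' | sed -n "s/^--$2=//p" | tail -n 1
}

# Print required switches absent from the invocation; return 1 if any are.
# Only the bare "--enable-x" spelling used in this guide is recognised.
missing_flags() {
    invocation=$(configure_invocation "$1")
    missing=""
    for flag in $REQUIRED_FLAGS; do
        case " $invocation " in
            *" $flag "*) ;;
            *) missing="$missing $flag" ;;
        esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# check_build <config.log> <expected sysconfdir>: 0 if the build matches.
check_build() {
    status=0
    absent=$(missing_flags "$1") || status=1
    if [ -n "$absent" ]; then echo "missing switches: $absent"; fi
    actual=$(option_value "$1" sysconfdir)
    if [ "$actual" != "$2" ]; then
        echo "sysconfdir is '${actual:-unset}', expected '$2'"
        status=1
    fi
    return "$status"
}

# Usage: sh check_build.sh config.log /etc/racoon
if [ "$#" -eq 2 ]; then check_build "$1" "$2"; fi
```

Run it from the source directory after ./configure and before make install, passing /etc/racoon on Fedora Core 6 and NetBSD 3.1 or /usr/local/etc/racoon on FreeBSD 6.2. On a FreeBSD host without the NAT Traversal kernel patch, a report that --enable-natt is missing is expected.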


Copyright © 2010, Shrew Soft Inc