Installing and Configuring a Linux VPN Server

Preparing and Completing the Installation

Before you install FreeS/WAN, a number of packages should be on hand or installed. It is imperative that you have the kernel source files, a GNU C compiler (probably gcc), as well as make and patch installed. You will also need the GMP library, which is required for public key calculations. According to the developers, missing the GMP library and missing patch are two of the most common mistakes, so ensure both have been installed. If you are using Red Hat 7.2, take the time to query for the following packages, and install any not found using rpm -i:

  • rpm -q gmp-3.1.1-4
  • rpm -q gmp-devel-3.1.1-4
  • rpm -q patch-2.5.4-10
  • rpm -q make-3.79.1-8

You’ll also need the FreeS/WAN source files, which can be downloaded from The version used for this article is 1.94, and is not included as an RPM with Red Hat 7.2. Download the file to /usr/src and untar it there:

tar -xzf freeswan.1.94.gz

Beginning the FreeS/WAN installation is relatively simple and painless, as most of the installation is scripted. It is strongly recommended that you first build your own kernel prior to the installation, as this will help if a problem needs to be tracked down later. For the purpose of building this system, go through a kernel configuration and create a new image for FreeS/WAN using the default 2.4.7-10 kernel. If you plan to use an earlier kernel version, the developers point out that FreeS/WAN scripts will not compile properly on the 2.2.19 series kernel – you should use 2.2.20 at a minimum. Note also that FreeS/WAN will ultimately look for the Linux kernel source in the /usr/src/linux directory, so create a symbolic link prior to starting:

ln -s linux-2.4 linux

Installing the new kernel and image should be straightforward; the amount of time it takes will depend on the hardware you have chosen. If you choose to install on Red Hat 7.1 instead, run make mrproper before the commands below to avoid script errors. The standard commands to configure and build the kernel are:

  • make menuconfig
  • make dep
  • make bzImage
  • make install
  • make modules
  • make modules_install

After the processes have completed, copy the new bzImage file to /boot.

cp /usr/src/linux/arch/i386/boot/bzImage /boot

You’ll then need to edit /etc/lilo.conf to point to the new image. Using the existing boot loader settings as a template, add an entry for an alternate image labeled IPSec. For the sake of keeping things simple, make this the default kernel to boot from.

It isn’t very hard to accidentally boot to the wrong image and then wonder why your configuration isn’t working. Remember to run lilo after saving the file to be sure it sees the changes you’ve made. After the process has completed, reboot your system using the new image.
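
The check below is an added example, not part of the original article: it parses a lilo.conf and reports which image the default entry boots, so a default that still points at the stock kernel is caught before you reboot. The sample file, its device names and the stock vmlinuz-2.4.7-10 entry are constructed, and the parser assumes every entry carries an explicit label= line.

```shell
#!/bin/sh
# Added example: report which kernel image LILO boots by default.

# Constructed sample lilo.conf; devices and the stock entry are assumptions.
sample_conf() {
cat <<'EOF'
prompt
timeout=50
default=IPSec
boot=/dev/hda
image=/boot/vmlinuz-2.4.7-10
    label=linux
    read-only
    root=/dev/hda1
image=/boot/bzImage
    label=IPSec
    read-only
    root=/dev/hda1
EOF
}

# Print the image path of the default entry in lilo.conf file $1.
# Without a default= line, LILO boots the first image listed.
lilo_default_image() {
    awk '
        { line = $0; sub(/#.*/, "", line); gsub(/[ \t"]/, "", line) }
        line ~ /^default=/ { want = substr(line, 9) }
        line ~ /^image=/   { img = substr(line, 7); if (first == "") first = img }
        line ~ /^label=/   { image_of[substr(line, 7)] = img }
        END { print (want == "" ? first : image_of[want]) }
    ' "$1"
}

# Succeed only if the default entry boots image $2.
check_boot_default() {
    image=$(lilo_default_image "$1")
    if [ "$image" = "$2" ]; then
        echo "OK: default entry boots $image"
    else
        echo "MISMATCH: default boots '$image', expected '$2'" >&2
        return 1
    fi
}

# Demo on the constructed sample above.
tmp=$(mktemp)
sample_conf > "$tmp"
check_boot_default "$tmp" /boot/bzImage
rm -f "$tmp"
```

On the real system, call check_boot_default /etc/lilo.conf /boot/bzImage after editing the file and before running lilo.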

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.