If you are a non-expert, you should not be working from this file.
Instead, you should work from the HTML documentation, starting with
doc/setup.html.

The rest of this file is FOR EXPERTS ONLY.

doc/impl.notes discusses some expert-only side issues; doc/kernel.notes
is some notes on kernel-building fine points.

If you have used an earlier version, read the CHANGES and BUGS files.

0. You must configure and build your own Linux kernel first, and you
preferably should boot it to confirm that it works.  Also, if humanly
possible, configure and test your network(s) without IPSEC first, to
make sure packets really can get from one end to the other.

1. Do ONE of the following commands, depending on how you configure your
kernel.  (This configures, builds, and installs IPSEC, except it does not
install the new kernel.  The kernel build includes "make dep clean".)

        # pick one; does more than just configure!
        make menugo     # use menuconfig
        make xgo        # use xconfig
        make ogo        # use config
        make oldgo      # use oldconfig

2. IPSEC-related configuration settings are under "Networking options".
Most relevant things are now right by default.  Some seemingly-unrelated
options get turned on automatically because IPSEC needs them.  Beware
that the 2.2.xx "advanced router" causes problems:  its "rp_filter"
subsystem must be turned off for IPSEC to work properly, and just leaving
the whole thing disabled is the simplest approach unless you know what
you're doing.  Turning "IPSEC Debugging Option" off may look attractive
but is unwise.

3. Save the new configuration settings, even if you have made no changes;
KLIPS will not be part of your kernel configuration without such a save.

4. Wait.  The compile and kernel build take a while, perhaps 5min on a
200MHz PCI machine with 32MB and good disks.  No interaction is needed
after the configuration save.  A report on kernel patching is left in the
file out.kpatch; the kernel build output is left in out.kbuild.  Proper
error checking is done at every step:  the make WILL STOP if something
goes wrong (even in the Linux kernel Makefiles, which are careless about
this themselves -- their output is caught and checked).

5. Most of the user-level utilities are now in /usr/local/lib/ipsec, with
the "ipsec" command in /usr/local/sbin to provide easy access to the
rest.  (Our procedures generally assume that /usr/local/sbin is in your
shell's search path.)  The manual pages are in /usr/local/man/man[1-8],
mostly under names starting with "ipsec_".  The new kernel is built but
not yet installed.  At boot time, KLIPS and Pluto will start
automatically.

6. Install the new kernel.  *IF* kernel install on your system uses the
kernel's own "make install" (and perhaps "make modules_install"), then as
a convenience, you can do it from our top-level directory by:

        make kinstall   # only if using kernel "make install" etc.

This is properly error-checked, and the output is left in out.kinstall.

7. Edit the /etc/ipsec.conf and /etc/ipsec.secrets configuration files as
necessary (see doc/configuration.html or the manpages).  The Makefile
will not overwrite them if run again.

8. Reboot.

This file is RCSID $Id: INSTALL,v 1.100 2000/05/10 15:43:35 henry Exp $
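
The rp_filter requirement in step 2 can be checked on the running system
after the reboot.  The script below is an added example, not part of this
distribution; it assumes the settings are exposed under
/proc/sys/net/ipv4/conf (another directory can be given as an argument),
and its function names are made up for illustration.

```shell
#!/bin/sh
# Added example: report where rp_filter is still switched on.
# Assumption: per-interface settings live in <conf_dir>/<name>/rp_filter,
# with /proc/sys/net/ipv4/conf as the default conf_dir.
# How the "all" entry combines with the per-interface entries differs
# between kernel versions, so every non-zero entry is simply listed.

# Print one "name=value" line for each entry whose rp_filter is not 0.
rp_filter_enabled() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    for f in "$conf_dir"/*/rp_filter; do
        [ -r "$f" ] || continue         # glob matched nothing, or unreadable
        val=$(tr -d ' \t\n' < "$f")
        case $val in
            0) ;;                       # off, which is what step 2 asks for
            *) echo "$(basename "$(dirname "$f")")=$val" ;;
        esac
    done
}

# Return 0 if nothing is listed, 1 otherwise (the list goes to stderr).
check_rp_filter() {
    bad=$(rp_filter_enabled "$@")
    if [ -n "$bad" ]; then
        echo "rp_filter still enabled on:" >&2
        echo "$bad" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Usage: sh thisfile --check [conf_dir]
# Without --check nothing runs, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    shift
    check_rp_filter "$@"
fi
```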