User mode linux is a way to compile a linux kernel such that it can
run as a process in another linux system (potentially as a *BSD or
Windows process later). See
UML is a good platform for testing and experimenting with FreeS/WAN.
It allows several network nodes to be simulated on a single machine.
Creating, configuring, installing, monitoring, and controling these
nodes is generally easier and easier to script with UML than real
You'll need about 500Mb of disk space for a full
sunrise-east-west-sunset setup. You can possibly get this down by 130Mb
if you remove the sunrise/sunset kernel build. If you just want to run,
then you can even remove the east/west kernel build.
Nothing need be done as super user. In a couple of steps, we note
where super user is required to install commands in system-wide
directories, but ~/bin could be used instead. UML seems to use a
system-wide /tmp/uml directory so different users may interfere with
- Get the following files:
umlfreeroot-6.0.tar.gz (or highest numbered one). This is a debian
potato root file system. You can use this even on a Redhat host, as it
has the newer GLIBC2.2 libraries as well.
ftp://ftp.xs4all.nl/pub/crypto/freeswan/ a snapshot or release
(1.92 or better)
http://linux.kernel.org mirror, the virgin 2.4.17 kernel. (if you
get a future kernel, then please report success/failure. AC kernels
already have UML patched, so the patch is unnecessary. Below, set
UMLPATCH to /dev/null.)
http://ftp.nl.linux.org/uml/ uml-patch-2.4.17-10.bz2 or the one
associated with your kernel. If you use an AC kernel, you don't need
this patch. More recent versions of the patch have not been tested by
- You'll probably want to visit
http://user-mode-linux.sourceforge.net and get the UML utilities.
These are not needed for the build or interactive use (but
recommended). They are necessary for the regression testing procedures
used by "make check". We currently use uml_utilities_20020212.tar.bz2.
- You need tcpdump version 3.7.1 or better. This is newer than the
version included in most LINUX distributions. You can check the version
of an installed tcpdump with the --version flag. If you need a newer
tcpdump fetch both tcpdump and libpcap source tar files from
http://www.tcpdump.org/ or a mirror.
- Pick a suitable place, and extract the following files:
2.4.17 kernel. For instance:
mkdir -p /c2/kernel/linux-2.4.17
tar xzvf ../download/pub/linux/kernel/v2.4/linux-2.4.17.tar.gz
- extract the umlfreeroot file
mkdir -p /c2/user-mode-linux/basic-root
tar xzvf ../download/umlfreeroot-6.0.tar.gz
- FreeSWAN itself (or checkout "all" from CVS)
mkdir -p /c2/freeswan/sandbox
tar xzvf ../download/snapshot.tar.gz
- If you need to build a newer tcpdump:
- If you need the uml utilities, unpack them somewhere then build and
# Need to be superuser to install in system directories.
# Installing in ~/bin would be an alternative.
su -c "make install BIN_DIR=/usr/local/bin"
- set up the configuration file
- copy umlsetup-sample.sh to ../../umlsetup.sh:
- open up ../../umlsetup.sh in your favorite editor.
- change POOLSPACE= to point to the place with at least 500Mb of
disk. Best if it is on the same partition as the "umlfreeroot"
extraction, as it will attempt to use hard links if possible to save
- Set TESTINGROOT if you intend to run the script outside of the
sandbox/snapshot/release directory. Otherwise, it will configure
- KERNPOOL should point to the directory with your 2.4.17 kernel
tree. This tree should be unconfigured! This is the directory you used
in step 2a.
- UMLPATCH should point at the bz2 file you downloaded at 1d. If
using a kernel that already includes the patch, set this to /dev/null.
- FREESWANDIR should point at the directory where you unpacked the
snapshot/release. Include the "freeswan-snap2001sep16b" or whatever in
it. If you are running from CVS, then you point at the directory where
top, klips, etc. are. The script will fix up the directory so that it
can be used.
- BASICROOT should be set to the directory used in 2b, or to the
directory that you created with RPMs.
- SHAREDIR should be set to the directory used in 2c, to /usr/share
for Debian potato users, or to $BASICROOT/usr/share.
It will grind for awhile. If there are errors it will bail. If so, run
it under "script" and send the output to email@example.com.
- You will have a bunch of stuff under $POOLSPACE. Open four xterms:
for i in sunrise sunset east west
xterm -name $i -title $i -e $POOLSPACE/$i/start.sh done
- Login as root. Password is "root" (Note, these virtual machines are
networked together, but are not configured to talk to the rest of the
- verify that pluto started on east/west, run "ipsec look"
- login to sunrise. run "ping sunset"
- login to west. run "tcpdump -p -i eth1 -n" (tcpdump must be version
3.7.1 or newer)
- Closing a console xterm will shut down that UML.
- You can "make check", if you want to. It is run from