From aaa0331ecf95ced1e913ac9be50168cf0e7cbb82 Mon Sep 17 00:00:00 2001
From: Rene Mayrhofer <rene@mayrhofer.eu.org>
Date: Tue, 30 Jan 2007 12:21:07 +0000
Subject: [svn-upgrade] Integrating new upstream version, strongswan (2.8.2)

---
 doc/src/install.html | 378 ---------------------------------------------------
 1 file changed, 378 deletions(-)
 delete mode 100644 doc/src/install.html

(limited to 'doc/src/install.html')

diff --git a/doc/src/install.html b/doc/src/install.html
deleted file mode 100644
index 09d7c5a67..000000000
--- a/doc/src/install.html
+++ /dev/null
@@ -1,378 +0,0 @@
-<html>
-<head>
-  <meta http-equiv="Content-Type" content="text/html">
-  <title>Installing FreeS/WAN</title>
-  <meta name="keywords"
-  content="Linux, IPsec, VPN, security, FreeSWAN, installation, quickstart">
-  <!--
-
-  Written by Claudia Schmeing for the Linux FreeS/WAN project
-  Freely distributable under the GNU General Public License
-
-  More information at www.freeswan.org
-  Feedback to users@lists.freeswan.org
-
-  CVS information:
-  RCS ID:          $Id: install.html,v 1.1 2004/03/15 20:35:24 as Exp $
-  Last changed:    $Date: 2004/03/15 20:35:24 $
-  Revision number: $Revision: 1.1 $
-
-  CVS revision numbers do not correspond to FreeS/WAN release numbers.
-  -->
-</head>
-<BODY>
-<H1><A name="install">Installing FreeS/WAN</A></H1>
-
-<P>This document will teach you how to install Linux FreeS/WAN. 
-If your distribution comes with Linux FreeS/WAN, we offer
- tips to get you started.</P>
-
-<H2>Requirements</H2>
-
-<P>To install FreeS/WAN you must:</P>
-<UL>
-<LI>be running Linux with the 2.4 or 2.2 kernel series. See 
-this <A HREF="http://www.freeswan.ca/download.php#contact">kernel 
-compatibility table</A>.<BR>We also have experimental support for 
-2.6 kernels. Here are two basic approaches:
-<UL><LI>
-install FreeS/WAN, including its <A HREF="ipsec.html#parts">KLIPS</A>
-kernel code. This will remove the native IPsec stack and replace it
-with KLIPS.</LI>
-<LI>
-install the FreeS/WAN <A HREF="ipsec.html#parts">userland tools</A> 
-(keying daemon and supporting 
-scripts) for use with 
-<A HREF="http://lartc.org/howto/lartc.ipsec.html">2.6 kernel native IPsec</A>,
-</LI>
-</UL>
-See also these <A HREF="2.6.known-issues">known issues with 2.6</A>.
-<LI>have root access to your Linux box</LI>
-<LI>choose the version of FreeS/WAN you wish to install based on
-<A HREF="http://www.freeswan.org/mail.html">mailing list reports</A> <!-- or 
-our updates page (coming soon)--></LI>
-</UL>
-
-<H2>Choose your install method</H2>
-
-<P>There are three basic ways to get FreeS/WAN onto your system:</P>
-<UL>
-<LI>activating and testing a FreeS/WAN that <A HREF="#distroinstall">shipped 
-with your Linux distribution</A></LI>
-<LI><A HREF="#rpminstall">RPM install</A></LI>
-<LI><A HREF="#srcinstall">Install from source</A></LI>
-</UL>
-
-<A NAME="distroinstall"></A><H2>FreeS/WAN ships with some Linuxes</H2>
-
-<P>FreeS/WAN comes with <A HREF="intro.html#distwith">these distributions</A>.
-
-<P>If you're running one of these, include FreeS/WAN in the choices you 
-make during installation, or add it later using the distribution's tools.
-</P>
-
-<H3>FreeS/WAN may be altered...</H3>
-<P>Your distribution may have integrated extra features, such as Andreas
-Steffen's X.509 patch, into FreeS/WAN. It may also use custom
-startup script locations or directory names.</P>
-
-<H3>You might need to create an authentication keypair</H3>
-
-<P>If your FreeS/WAN came with your distribution, you may wish to
- generate a fresh RSA key pair. FreeS/WAN will use these keys
- for authentication.
-
-<P>
-To do this, become root, and type:
-</P>
-
-<PRE>    ipsec newhostkey --output /etc/ipsec.secrets --hostname xy.example.com
-    chmod 600 /etc/ipsec.secrets</PRE>
-
-<P>where you replace xy.example.com with your machine's fully-qualified 
-domain name. Generate some randomness, for example by wiggling your mouse, 
-to speed the process.
-</P>
-
-<P>The resulting ipsec.secrets looks like:</P>
-<PRE>: RSA   {
-        # RSA 2192 bits   xy.example.com   Sun Jun 8 13:42:19 2003
-        # for signatures only, UNSAFE FOR ENCRYPTION
-        #pubkey=0sAQOFppfeE3cC7wqJi...
-        Modulus: 0x85a697de137702ef0...
-        # everything after this point is secret
-        PrivateExponent: 0x16466ea5033e807...
-        Prime1: 0xdfb5003c8947b7cc88759065...
-        Prime2: 0x98f199b9149fde11ec956c814...
-        Exponent1: 0x9523557db0da7a885af90aee...
-        Exponent2: 0x65f6667b63153eb69db8f300dbb...
-        Coefficient: 0x90ad00415d3ca17bebff123413fc518...
-        }
-# do not change the indenting of that "}"</PRE>
-
-<P>In the actual file, the strings are much longer.</P>
-
-
-<H3>Start and test FreeS/WAN</H3>
-
-<P>You can now <A HREF="install.html#starttest">start FreeS/WAN and 
-test whether it's been successfully installed.</A>.</P>
-
-
-<A NAME="rpminstall"></A><H2>RPM install</H2>
-
-<P>These instructions are for a recent Red Hat with a stock Red Hat kernel.
-We know that Mandrake and SUSE also produce FreeS/WAN RPMs. If you're 
-running either, install using your distribution's tools.</P>
- 
-<H3>Download RPMs</H3>
-
-<P>Decide which functionality you need:</P>
-<UL>
-<LI>standard FreeS/WAN RPMs. Use these shortcuts:<BR>
-<UL>
-<LI>(for 2.6 kernels: userland only)<BR>
-ncftpget ftp://ftp.xs4all.nl/pub/crypto/freeswan/binaries/RedHat-RPMs/\*userland*</LI>
-
-<LI>(for 2.4 kernels)<BR>
-ncftpget ftp://ftp.xs4all.nl/pub/crypto/freeswan/binaries/RedHat-RPMs/`uname -r | tr -d 'a-wy-z'`/\*</LI>
-<LI>
-or view all the offerings at our
-<A href="ftp://ftp.xs4all.nl/pub/crypto/freeswan/binaries/RedHat-RPMs">FTP site</A>.
-</LI></UL>
-</LI>
-<LI>unofficial
-<A href="http://www.freeswan.ca/download.php">Super FreeS/WAN</A> 
-RPMs, which include Andreas Steffen's X.509 patch and more. 
-Super FreeS/WAN RPMs do not currently include 
-<A HREF="glossary.html#NAT.gloss">Network Address Translation</A>
-(NAT) traversal, but Super FreeS/WAN source does.</LI>
-</UL>
-
-<A NAME="2.6.rpm"></A>
-<P>For 2.6 kernels, get the latest FreeS/WAN userland RPM, for example:</P>
-<PRE>    freeswan-userland-2.04.9-0.i386.rpm</PRE>
-
-<P>Note: FreeS/WAN's support for 2.6 kernel IPsec is preliminary. Please see 
-<A HREf="2.6.known-issues">2.6.known-issues</A>, and the latest
-<A HREF="http://www.freeswan.org/mail.html">mailing list reports</A>.</P>                                                                                
-<P>Change to your new FreeS/WAN directory, and make and install the 
-
-<P>For 2.4 kernels, get both kernel and userland RPMs.
-Check your kernel version with</P>
-<PRE>    uname -r</PRE>
-
-<P>Get a kernel module which matches that version. For example:</P>
-<PRE>    freeswan-module-2.04_2.4.20_20.9-0.i386.rpm</PRE>
-<P>Note: These modules 
-<B>will only work on the Red Hat kernel they were built for</B>,
-since they are very sensitive to small changes in the kernel.</P>
-
-
-<P>Get FreeS/WAN utilities to match. For example:</P>
-<PRE>    freeswan-userland-2.04_2.4.20_20.9-0.i386.rpm</PRE>
-
-
-<H3>For freeswan.org RPMs: check signatures</H3>
-
-<P>While you're at our ftp site, grab the RPM signing key</P>
-<PRE>    freeswan-rpmsign.asc</PRE>
-
-<P>If you're running RedHat 8.x or later, import this key into the RPM 
-database:</P>
-<PRE>    rpm --import freeswan-rpmsign.asc</PRE>
- 
-<P>For RedHat 7.x systems, you'll need to add it to your 
-<A HREF="glossary.html#PGP">PGP</A> keyring:</P>
-<PRE>    pgp -ka freeswan-rpmsign.asc</PRE>
-
-
-<P>Check the digital signatures on both RPMs using:</P>
-<PRE>    rpm --checksig freeswan*.rpm </PRE>
-
-<P>You should see that these signatures are good:</P>
-<PRE>    freeswan-module-2.04_2.4.20_20.9-0.i386.rpm: pgp md5 OK
-    freeswan-userland-2.04_2.4.20_20.9-0.i386.rpm: pgp md5 OK</PRE>
-
-
-<H3>Install the RPMs</H3>
-
-<P>Become root:</P>
-<PRE>    su</PRE>
-
-<P>For a first time install, use:</P>
-<PRE>    rpm -ivh freeswan*.rpm</PRE>
-
-<P>To upgrade existing RPMs (and keep all .conf files in place), use:</P>
-<PRE>    rpm -Uvh freeswan*.rpm</PRE>
-
-<P>If you're upgrading from FreeS/WAN 1.x to 2.x RPMs, and encounter problems,
-see <A HREF="upgrading.html#upgrading.rpms">this note</A>.</P>
-
-
-<H3>Start and Test FreeS/WAN</H3>
-
-<P>Now, <A HREF="install.html#starttest">start FreeS/WAN and test your 
-install</A>.</P>
-
-
-<A NAME="srcinstall"></A><H2>Install from Source</H2>
-<!-- Most of this section, along with "Start and Test", can replace 
-INSTALL. -->
-
-<H3>Decide what functionality you need</H3>
-
-<P>Your choices are:</P>
-<UL>
-<LI><A HREF="ftp://ftp.xs4all.nl/pub/crypto/freeswan">standard 
-FreeS/WAN</A>,</LI>
-<LI>standard FreeS/WAN plus any of these
- <A HREF="web.html#patch">user-supported patches</A>, or</LI>
-<LI><A HREF="http://www.freeswan.ca/download">Super FreeS/WAN</A>,
-an unofficial FreeS/WAN pre-patched with many of the above. Provides 
-additional algorithms, X.509, SA deletion, dead peer detection, and 
-<A HREF="glossary.html#NAT.gloss">Network Address Translation</A>
-(NAT) traversal.</LI>
-</UL>
-
-<H3>Download FreeS/WAN</H3>
-
-<P>Download the source tarball you've chosen, along with any patches.</P>
-
-<H3>For freeswan.org source: check its signature</H3>
-
-<P>While you're at our ftp site, get our source signing key</P>
-<PRE>    freeswan-sigkey.asc</PRE>
-
-<P>Add it to your PGP keyring:</P>
-<PRE>    pgp -ka freeswan-sigkey.asc</PRE>
-
-
-<P>Check the signature using:</P>
-<PRE>    pgp freeswan-2.04.tar.gz.sig freeswan-2.04.tar.gz</PRE>
-<P>You should see something like:</P>
-<PRE>    Good signature from user "Linux FreeS/WAN Software Team (build@freeswan.org)".
-    Signature made 2002/06/26 21:04 GMT using 2047-bit key, key ID 46EAFCE1</PRE>
-<!-- Note to self: build@freeswan.org has angled brackets in the original.
-     Changed because it conflicts with HTML tags. -->
-
-<H3>Untar, unzip</H3>
-
-<P>As root, unpack your FreeS/WAN source into <VAR>/usr/src</VAR>.</P>
-<PRE>    su
-    mv freeswan-2.04.tar.gz /usr/src
-    cd /usr/src
-    tar -xzf freeswan-2.04.tar.gz
-</PRE>
-
-<H3>Patch if desired</H3>
-
-<P>Now's the time to add any patches. The contributor may have special 
-instructions, or you may simply use the patch command.</P>
-
-<H3>... and Make</H3>
-
-<P>Choose one of the methods below.</P>
-
-<H4>Userland-only Install for 2.6 kernels</H4>
-<A NAME="2.6.src"></A>
-
-<P>Note: FreeS/WAN's support for 2.6 kernel IPsec is preliminary. Please see 
-<A HREf="2.6.known-issues">2.6.known-issues</A>, and the latest
-<A HREF="http://www.freeswan.org/mail.html">mailing list reports</A>.</P>                                                                                
-<P>Change to your new FreeS/WAN directory, and make and install the 
-FreeS/WAN userland tools.</P>
-<PRE>    cd /usr/src/freeswan-2.04
-    make programs
-    make install</PRE>
-                                                                                
-<P>Now, <A HREF="install.html#starttest">start FreeS/WAN and
-test your install</A>.</P>
-
-
-
-<H4>KLIPS install for 2.2, 2.4, or 2.6 kernels</H4>
-
-<A NAME="modinstall"></A>
-
-<P>To make a modular version of KLIPS, along with other FreeS/WAN programs 
-you'll need, use the command sequence below. This will
-change to your new FreeS/WAN directory, make the FreeS/WAN module (and other
-stuff), and install it all.</P>
-<PRE>    cd /usr/src/freeswan-2.04
-    make oldmod
-    make minstall</PRE>
- 
-<P><A HREF="install.html#starttest">Start FreeS/WAN and 
-test your install</A>.</P>
-
-
-
-<P>To link KLIPS statically into your kernel (using your old kernel settings), 
-and install other FreeS/WAN components, do:
-</P>
-<PRE>    cd /usr/src/freeswan-2.04
-    make oldmod
-    make minstall</PRE>
-
-
-<P>Reboot your system and <A HREF="install.html#testonly">test your 
-install</A>.</P>
-
-<P>For other ways to compile KLIPS, see our Makefile.</P>
-
-
-
-<A name="starttest"></A><H2>Start FreeS/WAN and test your install</H2>
-
-<P>Bring FreeS/WAN up with:</P>
-<PRE>    service ipsec start</PRE>
-
-<P>This is not necessary if you've rebooted.</P>
-
-<A name="testonly"></A><H2>Test your install</H2>
-
-<P>To check that you have a successful install, run:</P>
-<PRE>    ipsec verify</PRE>
-
-<P>You should see at least:</P>
-<PRE>
-    Checking your system to see if IPsec got installed and started correctly
-    Version check and ipsec on-path                             [OK]
-    Checking for KLIPS support in kernel                        [OK]
-    Checking for RSA private key (/etc/ipsec.secrets)           [OK]
-    Checking that pluto is running                              [OK]
-</PRE>
-
-<P>If any of these first four checks fails, see our 
-<A href="trouble.html#install.check">troubleshooting guide</A>.
-</P>
-
-
-<H2>Making FreeS/WAN play well with others</H2>
-
-<P>There are at least a couple of things on your system that might 
-interfere with FreeS/WAN, and now's a good time to check these:</P>
-<UL>
-  <LI>Firewalling. You need to allow UDP 500 through your firewall, plus 
- ESP (protocol 50) and AH (protocol 51). For more information, see our
-  updated firewalls document (coming soon).
- </LI>
-  <LI>Network address translation. 
-Do not NAT the packets you will be tunneling.</LI>
-</UL>
-
-
-<H2>Configure for your needs</H2>
-
-<P>You'll need to configure FreeS/WAN for your local site. Have a look at our 
-<A HREF="quickstart.html">opportunism quickstart guide</A> to see if that
-easy method is right for your needs. Or, see how to <A HREF="config.html">
-configure a network-to-network or Road Warrior style VPN</A>.
-</P>
-
-
-
-
-</BODY>
-</HTML>
-- 
cgit v1.2.3