Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

ipsec-tools-0.8.2 with radius support from source on CentOS 6.5 32bit
https://forum.ivorde.com/ipsec-tools-0-8-2-with-radius-support-from-source-on-centos-6-5-32bit-t19341.html
Page 1 of 1

Author:  mandrei99 [ Sun Dec 28, 2014 6:14 pm ]
Post subject:  ipsec-tools-0.8.2 with radius support from source on CentOS 6.5 32bit

ipsec-tools-0.8.2 with radius support from source on CentOS 6.5 32bit

Installing the latest Ipsec-tools package from source on CentOS is not an easy task. After few attempts, I managed to get it

running on the 32bit version of Centos 6.5.

To avoid some of the ugly configure / make errors below, I will list all necessary steps needed for a base CentOS install:
Code:
configure: error: Broken getaddrinfo() is no longer supported. Aborting.

Code:
./conftest: error while loading shared libraries: libradius.so: cannot open shared object file: No such file or directory
configure:14577: $? = 127
configure: program exited with status 127

Code:
configure:14477: checking getaddrinfo bug
configure:14577: gcc -o conftest -Wall -O2 -D_GNU_SOURCE -include ./src/include-glibc/glibc-bugs.h -I./src/include-glibc -

I./src/include-glibc -I/usr/include   conftest.c -lradius -lutil -lcrypto  -lresolv /usr/lib/libfl.a -lcrypt -lcrypt -L/usr//lib -

R/usr//lib -lradius >&5
gcc: unrecognized option '-R/usr//lib'
configure:14577: $? = 0
configure:14577: ./conftest
./conftest: error while loading shared libraries: libradius.so: cannot open shared object file: No such file or directory
configure:14577: $? = 127
configure: program exited with status 127



Code:
gcc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec   -D_GNU_SOURCE -include ./src/include-glibc/glibc-bugs.h -I./src/include-glibc -

I./src/include-glibc  -I../../src/racoon/missing -I/usr//include -D_GNU_SOURCE -include ../../src/include-glibc/glibc-bugs.h -

I../../src/include-glibc -I../../src/include-glibc -DSYSCONFDIR=\"/usr/etc\" -DADMINPORTDIR=\"/usr/var/racoon\" -g -O2  -Wall -

Werror -Wno-unused -MT isakmp_quick.o -MD -MP -MF .deps/isakmp_quick.Tpo -c -o isakmp_quick.o isakmp_quick.c
cc1: warnings being treated as errors
isakmp_quick.c: In function ‘quick_r1recv’:
isakmp_quick.c:2182: error: dereferencing pointer ‘saddr.155’ does break strict-aliasing rules
isakmp_quick.c:2182: note: initialized from here
make[4]: *** [isakmp_quick.o] Error 1
make[4]: Leaving directory `/root/ipsec-tools-0.8.2/src/racoon'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/root/ipsec-tools-0.8.2/src/racoon'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/root/ipsec-tools-0.8.2/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/ipsec-tools-0.8.2'
make: *** [all] Error 2


1. Installing necessary packages required for compilation.
Code:
# yum install wget tcpdump lsof flex flex-devel
# yum groupinstall 'Development Tools'
# yum groupinstall "Server Platform Development"


2. Installing libmd, libradius and ipsectools and creating a symlink for libradius.so, configure and compile ipsec-tools.
Code:
# wget http://portal-to-web.de/tacacs/libmd.tar.gz
# tar zxvf libmd.tar.gz
# cd libmd
# make
# make install
# mkdir -p /usr/local/man/man3
# make install

# cd
# wget http://portal-to-web.de/tacacs/libradius-linux-20040827.tar.gz
# tar zxvf libradius-linux-20040827.tar.gz
# cd libradius-linux
# make
# make install
# cd


# ln -sf /usr/local/lib/libradius.so /usr/lib/

# wget "http://downloads.sourceforge.net/project/ipsec-tools/ipsec-tools/0.8.2/ipsec-tools-0.8.2.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fipsec-tools%2Ffiles%2Fipsec-tools%2F0.8.2%2F&ts=1419528064&use_mirror=heanet"

# mv ipsec-tools-0.8.2.tar.gz\?r\=http\:%2F%0A%0A%2Fsourceforge.net%2Fprojects%2Fipsec-tools%2Ffiles%2Fipsec-tools%2F0.8.2%2F\&ts\=1419528064\&use_mirror\=heanet ipsec-tools-0.8.2.tar.gz

# tar zxvf ipsec-tools-0.8.2.tar.gz
# cd ipsec-tools-0.8.2

# ./configure --enable-stats --enable-hybrid --enable-shared --enable-frag --enable-adminport  --enable-dpd --prefix=/usr --enable-security-context=no --with-kernel-headers=/usr/include --enable-natt=yes  --with-libradius=/usr/ --with-flexlib=/usr/lib/libfl.a --enable-gssapi  CFLAGS=-fno-strict-aliasing


checking kernel Security Context support... yes
checking selinux/selinux.h usability... yes
checking selinux/selinux.h presence... yes
checking for selinux/selinux.h... yes
checking for avc_init in -lselinux... yes
checking whether to support Security Context... no
checking for rt containing clock_gettime... -lrt
checking for monotonic system clock... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating package_version.h
config.status: creating src/Makefile
config.status: creating src/include-glibc/Makefile
config.status: creating src/libipsec/Makefile
config.status: creating src/setkey/Makefile
config.status: creating src/racoon/Makefile
config.status: creating src/racoon/samples/psk.txt
config.status: creating src/racoon/samples/racoon.conf
config.status: creating rpm/Makefile
config.status: creating rpm/suse/Makefile
config.status: creating rpm/suse/ipsec-tools.spec
config.status: creating config.h
config.status: executing depfiles commands
config.status: executing libtool commands



# make
..
/bin/sh ../../libtool  --tag=CC   --mode=link gcc -D_GNU_SOURCE -include ../../src/include-glibc/glibc-bugs.h -I../../src/include-glibc -I../../src/include-glibc -DSYSCONFDIR=\"/usr/etc\" -DADMINPORTDIR=\"/usr/var/racoon\" -fno-strict-aliasing  -Wall -Werror -Wno-unused -lcrypto  -o plainrsa-gen plainrsa-gen.o plog.o crypto_openssl.o logger.o  vmbuf.o misc.o -lrt -lradius -lutil -lcrypto  -lresolv /usr/lib/libfl.a -lcrypt -lcrypt -L/usr//lib -R/usr//lib -lradius -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
libtool: link: gcc -D_GNU_SOURCE -include ../../src/include-glibc/glibc-bugs.h -I../../src/include-glibc -I../../src/include-glibc

-DSYSCONFDIR=\"/usr/etc\" -DADMINPORTDIR=\"/usr/var/racoon\" -fno-strict-aliasing -Wall -Werror -Wno-unused -o plainrsa-gen

plainrsa-gen.o plog.o crypto_openssl.o logger.o vmbuf.o misc.o  -lrt -lutil -lcrypto -lresolv /usr/lib/libfl.a -lcrypt -L/usr//lib

-lradius -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -Wl,-rpath -Wl,/usr//lib
make[4]: Leaving directory `/root/ipsec-tools-0.8.2/src/racoon'
make[3]: Leaving directory `/root/ipsec-tools-0.8.2/src/racoon'
make[3]: Entering directory `/root/ipsec-tools-0.8.2/src'
make[3]: Nothing to be done for `all-am'.
make[3]: Leaving directory `/root/ipsec-tools-0.8.2/src'
make[2]: Leaving directory `/root/ipsec-tools-0.8.2/src'
Making all in rpm
make[2]: Entering directory `/root/ipsec-tools-0.8.2/rpm'
Making all in suse
make[3]: Entering directory `/root/ipsec-tools-0.8.2/rpm/suse'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/root/ipsec-tools-0.8.2/rpm/suse'
make[3]: Entering directory `/root/ipsec-tools-0.8.2/rpm'
rm -f ipsec-tools.spec.tmp
sed < ipsec-tools.spec.in > ipsec-tools.spec.tmp \
            -e 's:@-VERSION-@:0.8.2:'
mv ipsec-tools.spec.tmp ipsec-tools.spec
make[3]: Leaving directory `/root/ipsec-tools-0.8.2/rpm'
make[2]: Leaving directory `/root/ipsec-tools-0.8.2/rpm'
make[2]: Entering directory `/root/ipsec-tools-0.8.2'
make[2]: Leaving directory `/root/ipsec-tools-0.8.2'
make[1]: Leaving directory `/root/ipsec-tools-0.8.2'
# echo $?
0

# make install
make[1]: Leaving directory `/root/ipsec-tools-0.8.2/src'
Making install in rpm
make[1]: Entering directory `/root/ipsec-tools-0.8.2/rpm'
Making install in suse
make[2]: Entering directory `/root/ipsec-tools-0.8.2/rpm/suse'
make[3]: Entering directory `/root/ipsec-tools-0.8.2/rpm/suse'
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
make[3]: Leaving directory `/root/ipsec-tools-0.8.2/rpm/suse'
make[2]: Leaving directory `/root/ipsec-tools-0.8.2/rpm/suse'
make[2]: Entering directory `/root/ipsec-tools-0.8.2/rpm'
make[3]: Entering directory `/root/ipsec-tools-0.8.2/rpm'
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
make[3]: Leaving directory `/root/ipsec-tools-0.8.2/rpm'
make[2]: Leaving directory `/root/ipsec-tools-0.8.2/rpm'
make[1]: Leaving directory `/root/ipsec-tools-0.8.2/rpm'
make[1]: Entering directory `/root/ipsec-tools-0.8.2'
make[2]: Entering directory `/root/ipsec-tools-0.8.2'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/root/ipsec-tools-0.8.2'
make[1]: Leaving directory `/root/ipsec-tools-0.8.2'
# echo $?
0



# racoon -V
@(#)ipsec-tools 0.8.2 (http://ipsec-tools.sourceforge.net)

Compiled with:
- OpenSSL 1.0.1e-fips 11 Feb 2013 (http://www.openssl.org/)
- IPv6 support
- Dead Peer Detection
- IKE fragmentation
- Hybrid authentication
- NAT Traversal
- Timing statistics
- Admin port
- Monotonic clock

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/