Vermyndax
04-01-2003, 10:56 PM
These instructions make several assumptions. You should review these assumptions to make sure they apply and adjust to your situation accordingly. If you don't, you're likely to end up with an unbootable system. I certainly cannot be held responsible for that and I certainly cannot figure out how to get you out of it if you screw up. I'm a linux newbie for the most part and to be quite honest, this is the first time I've had a successful kernel recompile to fix a problem.
I like the Debian method better instead of the "old way," so my instructions go about it the "Debian Way."
Now then...
HOW TO MAKE MPPE ENCRYPTION WORK WITH KNOPPIX 3.2
Assumptions:
- You're using a version of Knoppix 3.2
- You're using a version of Knoppix 3.2 that does NOT include an MPPE patch (dates 3-28 and lower for sure).
- You're using ext3 as the primary filesystem on all of your Knoppix partitions.
IMPORTANT: If you're using XFS or something other than ext3, you NEED TO BE AWARE OF THIS AND ADJUST THESE INSTRUCTIONS ACCORDINGLY!
- You are familiar with the use of apt-get
- You know what will happen when you install a new kernel (i.e. you will need to recompile any goofy modules you added... like NVidia drivers or alsasound)
- You know how to use "pon <peer>" commands in Debian to connect to a VPN.
- You know what MPPE encryption is and why you need it (if you're not aware of this, it's a Microsoft-centric encryption scheme that allows you to connect to Win2k VPN servers)
- You are familiar with the problem posed by MPPE not being in Knoppix 3.2.
PROBLEM: MPPE is required to VPN (using pptp-linux) into any default-configured Win2k server. You have two choices to get around this - either completely disable the encryption requirements on the Win2k servers you're trying to connect to (not advised) or install a patch to your kernel to support MPPE. This document assumes you want to go with the second choice - patch your kernel to support MPPE.
I don't know if Knoppix 3.2 will ever have MPPE patched into the kernel (likely not, due to legality reasons). If Klaus does include it in the future, excellent - throw this document away.
ON WITH THE INSTRUCTIONS
NOTE: Any line with "# " in front of it means you should type that command at a prompt. I've found that it's best to do all of this as root in a console session or in a screen session, so start by logging in as root on a console.
CTRL-ALT-F1 to go to a console
login as root
password (whatever password you specified for root)
# cd /usr/src
# apt-get install kernel-source-2.4.20
(let it install without errors)
# apt-get install kernel-patch-mppe
(let it install without errors - may install kernel-patch-scripts also as a dependency)
# apt-get install kernel-patch-xfs
# apt-get install ash
(IMPORTANT: apt-get will tell you it's going to kill knoppix-ash. Let it do this. I don't think you have a choice. Someone may correct me on that in the future!)
# ls -la
# bunzip2 kernel-source-2.4.20.tar.bz2
# tar -xvf kernel-source-2.4.20
(let it run)
# rm linux
(answer yes with a 'y')
# ln -s /usr/src/kernel-source-2.4.20 linux
(these last two commands delete the link to your old kernel sources and then link to the new ones)
TIME TO PATCH
# cd /usr/src
(just in case you strayed from there)
# /usr/src/kernel-patches/all/apply/mppe
(should spout off some stuff, make sure there's no errors)
# /usr/src/kernel-patches/all/apply/xfs
(should spout off some stuff, make sure there's no errors)
# patch -p0 < knoppix-kernel.patch
(REQUIRED or else your Knoppix 3.2 will be UNHAPPY)
# cd linux
# patch -p1 < /usr/src/linux-2.4.20-ptrace.patch
(REQUIRED to get rid of latest security vulnerability! Knoppix 3.2 versions BELOW 3-28-03 MAY NOT HAVE THIS FILE! If not, GET IT!)
Now that all patches have run successfully, it's time to start getting deep into it.
# cd /usr/src/linux
(just in case you strayed again)
# cp /boot/config-2.4.20-xfs /usr/src/linux/.config
# make menuconfig
Now you'll be presented with a list of options. Arrow keys are your friend here. It's VERY IMPORTANT to follow directions in this screen (especially if you don't know what you're doing like me).
Arrow-down to "Networking device support"
Hit <enter>
Arrow-down to "PPP MPPE encryption"
Hit "m" to make this a loadable module
Hit ESC (now you're back at the main menu)
Arrow-down to "File Systems"
Hit <enter>
Find "Ext3 Journalling file system support", arrow-down to it
Hit "y" to compile this in to the kernel
Hit ESC
Hit ESC
Yes, you do want to save your configuration. Select YES and hit enter to exit.
# vi Makefile
Arrow down to "EXTRAVERSION="
Hit "i" to go into insert mode
Hit "End" to go to the end of that sentence
Put at the end of this line "-xfs-<whatever-you-want>"
(Here, I put "-xfs-2003040102". That would make my kernel name "2.4.20-xfs-2003040102". That string of numbers is YYYYMMDDnn, where nn = version number of my attempt)
Hit ESC
Hit ":"
Type "wc" and hit <enter> to save
# cd /usr/src/linux/include/linux
# vi ppp-comp.h
Hit "/" to enter search mode
Type "CCP_MAX_OPTION_LENGTH"
Hit <enter>
VI takes you to where it finds "CCP_MAX_OPTION_LENGTH"
Hit "i" to enter insert mode
Hit "end" to go to the end of that line
Change "64" to "128"
(IMPORTANT: do this to avoid connection problems later!)
Hit ESC
Hit ":"
Type "wc" and hit <enter> to save.
NOW IT'S TIME TO COMPILE!
Your main configuration is finished. Time to recompile.
# cd /usr/src/linux
# make-kpkg clean
(Wait about 10 seconds)
# make-kpkg kernel-image
Now, go order a pizza. This took 45 minutes to compile on my 2.26ghz Pentium 4. About the same for my other AthlonXP 1800.
What this does is cause Debian to do all the normal kernel compiling commands, then make a .deb package for you to install.
When it's done, you want to install the image:
# cd /usr/src
# ls *.deb
You will see the .deb file there. Note the name of it.
# dpkg -i <name of your new deb file>
DPKG will ask you some questions. Just answer with the defaults provided and you should be okie. It may cough up an error about LILO, this is fine too because we will want to manually correct LILO anyway.
When install is done...
# cd /etc
# vi lilo.conf
Edit your lilo.conf to include a new entry for your new kernel. Copy the information for your old kernel WITH THE EXCEPTION of the initrd= line. You can skip that line since we compiled ext3 into the kernel. I had been making an initrd previously, but the kernels failed whenever I did this.
I hope that for your sake you know what you're doing when you edit this lilo.conf. If you get something wrong, lilo won't let you rewrite the boot sector.
To make lilo accept your changes:
# lilo
Lilo should tell you it added your entries successfully. If not, you mistyped something in lilo.conf. Go fix it.
Now, let's put MPPE in as a module.
# cd /etc
# vi modules
Go to the end of this file.
Hit "i" to enter insert mode.
Type "ppp_mppe" and hit ESC.
Type ":"
Type "wc" and hit <enter> to save.
This will make ppp_mppe load after your kernel boots.
Now:
# shutdown -r now
...to reboot. Catch lilo when it comes back up and select your new kernel.
IF IT BOOTS:
You're STILL NOT DONE!
YOU MUST install this package here:
http://www.craig-wood.com/nick/ppp_2.4.1.uus.mppe-4_i386.deb
Install that package.
You're almost done... now:
# cd /etc/ppp
# vi options
Hit "i" to enter insert mode
Go to a blank line somewhere in this file and enter three lines:
mppe-128
mppe-40
mppe-stateless
Hit ESC
Hit ":"
Type "wc" and hit <enter>
At this point, you should be able to "pon <whoever>" and use MPPE encryption!
Don't forget you will likely need to reinstall your video drivers and any other custom modules you added after installing Knoppix 3.2. Sucks, but that's part of Linux baybee.
Special thanks to FabianX, KaiL, and Jamin in #knoppix for encouragement, company, and help.
More special thanks to knopper and alextreme for such a wonderful distribution of Linux that I can actually USE!
--Alexander
"Vermyndax"
alexander@red-abstract.com
I like the Debian method better instead of the "old way," so my instructions go about it the "Debian Way."
Now then...
HOW TO MAKE MPPE ENCRYPTION WORK WITH KNOPPIX 3.2
Assumptions:
- You're using a version of Knoppix 3.2
- You're using a version of Knoppix 3.2 that does NOT include an MPPE patch (dates 3-28 and lower for sure).
- You're using ext3 as the primary filesystem on all of your Knoppix partitions.
IMPORTANT: If you're using XFS or something other than ext3, you NEED TO BE AWARE OF THIS AND ADJUST THESE INSTRUCTIONS ACCORDINGLY!
- You are familiar with the use of apt-get
- You know what will happen when you install a new kernel (i.e. you will need to recompile any goofy modules you added... like NVidia drivers or alsasound)
- You know how to use "pon <peer>" commands in Debian to connect to a VPN.
- You know what MPPE encryption is and why you need it (if you're not aware of this, it's a Microsoft-centric encryption scheme that allows you to connect to Win2k VPN servers)
- You are familiar with the problem posed by MPPE not being in Knoppix 3.2.
PROBLEM: MPPE is required to VPN (using pptp-linux) into any default-configured Win2k server. You have two choices to get around this - either completely disable the encryption requirements on the Win2k servers you're trying to connect to (not advised) or install a patch to your kernel to support MPPE. This document assumes you want to go with the second choice - patch your kernel to support MPPE.
I don't know if Knoppix 3.2 will ever have MPPE patched into the kernel (likely not, due to legality reasons). If Klaus does include it in the future, excellent - throw this document away.
ON WITH THE INSTRUCTIONS
NOTE: Any line with "# " in front of it means you should type that command at a prompt. I've found that it's best to do all of this as root in a console session or in a screen session, so start by logging in as root on a console.
CTRL-ALT-F1 to go to a console
login as root
password (whatever password you specified for root)
# cd /usr/src
# apt-get install kernel-source-2.4.20
(let it install without errors)
# apt-get install kernel-patch-mppe
(let it install without errors - may install kernel-patch-scripts also as a dependency)
# apt-get install kernel-patch-xfs
# apt-get install ash
(IMPORTANT: apt-get will tell you it's going to kill knoppix-ash. Let it do this. I don't think you have a choice. Someone may correct me on that in the future!)
# ls -la
# bunzip2 kernel-source-2.4.20.tar.bz2
# tar -xvf kernel-source-2.4.20
(let it run)
# rm linux
(answer yes with a 'y')
# ln -s /usr/src/kernel-source-2.4.20 linux
(these last two commands delete the link to your old kernel sources and then link to the new ones)
TIME TO PATCH
# cd /usr/src
(just in case you strayed from there)
# /usr/src/kernel-patches/all/apply/mppe
(should spout off some stuff, make sure there's no errors)
# /usr/src/kernel-patches/all/apply/xfs
(should spout off some stuff, make sure there's no errors)
# patch -p0 < knoppix-kernel.patch
(REQUIRED or else your Knoppix 3.2 will be UNHAPPY)
# cd linux
# patch -p1 < /usr/src/linux-2.4.20-ptrace.patch
(REQUIRED to get rid of latest security vulnerability! Knoppix 3.2 versions BELOW 3-28-03 MAY NOT HAVE THIS FILE! If not, GET IT!)
Now that all patches have run successfully, it's time to start getting deep into it.
# cd /usr/src/linux
(just in case you strayed again)
# cp /boot/config-2.4.20-xfs /usr/src/linux/.config
# make menuconfig
Now you'll be presented with a list of options. Arrow keys are your friend here. It's VERY IMPORTANT to follow directions in this screen (especially if you don't know what you're doing like me).
Arrow-down to "Networking device support"
Hit <enter>
Arrow-down to "PPP MPPE encryption"
Hit "m" to make this a loadable module
Hit ESC (now you're back at the main menu)
Arrow-down to "File Systems"
Hit <enter>
Find "Ext3 Journalling file system support", arrow-down to it
Hit "y" to compile this in to the kernel
Hit ESC
Hit ESC
Yes, you do want to save your configuration. Select YES and hit enter to exit.
# vi Makefile
Arrow down to "EXTRAVERSION="
Hit "i" to go into insert mode
Hit "End" to go to the end of that sentence
Put at the end of this line "-xfs-<whatever-you-want>"
(Here, I put "-xfs-2003040102". That would make my kernel name "2.4.20-xfs-2003040102". That string of numbers is YYYYMMDDnn, where nn = version number of my attempt)
Hit ESC
Hit ":"
Type "wc" and hit <enter> to save
# cd /usr/src/linux/include/linux
# vi ppp-comp.h
Hit "/" to enter search mode
Type "CCP_MAX_OPTION_LENGTH"
Hit <enter>
VI takes you to where it finds "CCP_MAX_OPTION_LENGTH"
Hit "i" to enter insert mode
Hit "end" to go to the end of that line
Change "64" to "128"
(IMPORTANT: do this to avoid connection problems later!)
Hit ESC
Hit ":"
Type "wc" and hit <enter> to save.
NOW IT'S TIME TO COMPILE!
Your main configuration is finished. Time to recompile.
# cd /usr/src/linux
# make-kpkg clean
(Wait about 10 seconds)
# make-kpkg kernel-image
Now, go order a pizza. This took 45 minutes to compile on my 2.26ghz Pentium 4. About the same for my other AthlonXP 1800.
What this does is cause Debian to do all the normal kernel compiling commands, then make a .deb package for you to install.
When it's done, you want to install the image:
# cd /usr/src
# ls *.deb
You will see the .deb file there. Note the name of it.
# dpkg -i <name of your new deb file>
DPKG will ask you some questions. Just answer with the defaults provided and you should be okie. It may cough up an error about LILO, this is fine too because we will want to manually correct LILO anyway.
When install is done...
# cd /etc
# vi lilo.conf
Edit your lilo.conf to include a new entry for your new kernel. Copy the information for your old kernel WITH THE EXCEPTION of the initrd= line. You can skip that line since we compiled ext3 into the kernel. I had been making an initrd previously, but the kernels failed whenever I did this.
I hope that for your sake you know what you're doing when you edit this lilo.conf. If you get something wrong, lilo won't let you rewrite the boot sector.
To make lilo accept your changes:
# lilo
Lilo should tell you it added your entries successfully. If not, you mistyped something in lilo.conf. Go fix it.
Now, let's put MPPE in as a module.
# cd /etc
# vi modules
Go to the end of this file.
Hit "i" to enter insert mode.
Type "ppp_mppe" and hit ESC.
Type ":"
Type "wc" and hit <enter> to save.
This will make ppp_mppe load after your kernel boots.
Now:
# shutdown -r now
...to reboot. Catch lilo when it comes back up and select your new kernel.
IF IT BOOTS:
You're STILL NOT DONE!
YOU MUST install this package here:
http://www.craig-wood.com/nick/ppp_2.4.1.uus.mppe-4_i386.deb
Install that package.
You're almost done... now:
# cd /etc/ppp
# vi options
Hit "i" to enter insert mode
Go to a blank line somewhere in this file and enter three lines:
mppe-128
mppe-40
mppe-stateless
Hit ESC
Hit ":"
Type "wc" and hit <enter>
At this point, you should be able to "pon <whoever>" and use MPPE encryption!
Don't forget you will likely need to reinstall your video drivers and any other custom modules you added after installing Knoppix 3.2. Sucks, but that's part of Linux baybee.
Special thanks to FabianX, KaiL, and Jamin in #knoppix for encouragement, company, and help.
More special thanks to knopper and alextreme for such a wonderful distribution of Linux that I can actually USE!
--Alexander
"Vermyndax"
alexander@red-abstract.com