[Openswan Users] Problem KLIPS INSTALLATION :-)

conn intel connintel at gmail.com
Thu Nov 2 11:16:42 EST 2006 

Hello friends,

With your kind support i got my problem solved..

thank you.
Ankur.

On 11/2/06, conn intel <connintel at gmail.com> wrote:
>
> Hello friends,
>
> I am using the method in which ipsec.ko module generated from openswan
> rather then patching the kernel using klips patch.
>
> I am following the following steps as paul has mentioned nicely ::
>
> 1) Patch kernel using Natt
>
>     export KERNELSRC=/usr/src/linux-2.6.17
>     cd /home/software/openswan/openswan-2.4.6
>     make natt-patch > /usr/src/linux-2.6.17/natt.patch
>     cd /usr/src/kernel-source-2.6.8
>     patch -p1 -s < natt.patch
>
> RESULT :: Works successfully
>
> 2) Compiled kernel successfully. Then booting into new nattpatched kernel,
> compiled the openswan by enabling  USE_EXTRACRYPTO & USE_WEAKSTUFF flags.
>    Following by ::
>
>     make KERNELSRC=/usr/src/linux-2.6.17 programs module
>     make KERNELSRC=/usr/src/linux-2.6.17 install minstall
>
> RESULT :: success Compiled.
>
>   Now when I use combinations like ike=aes or 3des with esp=aes or 3des
> both works perfect,  but when i try to use b lowfish or twofish or serpentthey are giving the following
> error..
>
>  For Example :: using ike=blowfish and esp=blowfish i am getting following
> errormessage in /var/log/syslog :
>
>
>     Nov  2 23:58:53 localhost kernel: klips_info:ipsec_init: KLIPS
> startup, Openswan KLIPS IPsec stack version: 2.4.6
>     Nov  2 23:58:53 localhost kernel: NET: Registered protocol family 15
>     Nov  2 23:58:53 localhost kernel: klips_info:ipsec_alg_init: KLIPS alg
> v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
>     Nov  2 23:58:53 localhost kernel: klips_info:ipsec_alg_init: calling
> ipsec_alg_static_init()
>     Nov  2 23:58:53 localhost kernel: ipsec_aes_init(alg_type=15 alg_id=12
> name=aes): ret=0
>     Nov  2 23:58:53 localhost kernel: klips_debug: experimental
> ipsec_alg_AES_MAC not registered [Ok] (auth_id=0)
>     Nov  2 23:58:53 localhost kernel: ipsec_3des_init(alg_type=15 alg_id=3
> name=3des): ret=0
>     Nov  2 23:58:53 localhost ipsec_setup: KLIPS debug `none'
>     Nov  2 23:58:53 localhost kernel:
>     Nov  2 23:58:53 localhost ipsec_setup: KLIPS ipsec0 on eth0
> 192.168.1.4/255.0.0.0 broadcast 192.255.255.255
>     Nov  2 23:58:53 localhost ipsec_setup: ...Openswan IPsec started
>     Nov  2 23:58:53 localhost ipsec_setup: Starting Openswan IPsec 2.4.6..
> .
>     Nov  2 23:58:53 localhost ipsec_setup: WARNING: changing route
> filtering on eth0 (changing /proc/sys/net/ipv4/conf/eth0/rp_filter from 1 to
> 0)
>     Nov  2 23:58:53 localhost ipsec__plutorun: 003 "netone": requested
> kernel enc ealg_id=7 not present
>     Nov  2 23:58:53 localhost ipsec__plutorun: 003 "netone": requested
> kernel enc ealg_id=7 not present
>     Nov  2 23:58:53 localhost ipsec__plutorun: 034 "netone": can not
> initiate: no acceptable kernel algorithms loaded
>     Nov  2 23:58:53 localhost ipsec__plutorun: ...could not start conn
> "netone"
>
>   && using ike=1des and esp=aes getting following error ::
>
>     Nov  3 00:05:06 localhost ipsec__plutorun: 034 esp string error:
> enc_alg not found, enc_alg="1des", auth_alg="", modp=""
>
>
>
>   Now do i forgot any step or if there is any issue with the kernel.. Do
> kernel is not able to find the functions defined in the module or there is
> some problem with the openswan compiliation waiting for your suggestions.. I
> am using fresh sources for compilation.. :-)
>
>     Thank You.
>
>     Ankur.
>
>     More Information ::
>
>     debian:/home/software/openswan/openswan-2.4.6# ipsec verify
>     Checking your system to see if IPsec got installed and started
> correctly:
>     Version check and ipsec on-path                                 [OK]
>     Linux Openswan 2.4.6 (klips)
>     Checking for IPsec support in kernel                            [OK]
>     Checking for RSA private key (/etc/ipsec.secrets)               [OK]
>     Checking that pluto is running                                  [OK]
>     Checking for 'ip' command                                       [OK]
>     Checking for 'iptables' command                                 [OK]
>     Opportunistic Encryption Support
> [DISABLED]
>
>
>     debian:/home/software/openswan/openswan-2.4.6# ipsec setup restart
>     ipsec_setup: ERROR: Module ipsec is in use
>     ipsec_setup: Stopping Openswan IPsec...
>     ipsec_setup: Starting Openswan IPsec 2.4.6...
>
> On 10/31/06, Paul Wouters <paul at xelerance.com> wrote:
> >
> > On Mon, 30 Oct 2006, conn intel wrote:
> >
> > > Thanx... for quick reply..
> > >
> > > a) Do i also need to set CONFIG_KLIPS as (module or built in). ?
> > >
> > > b) Am I wrong ? I think there are two ipsec modules generated
> > > 1) By compiling the kernel with CONFIG_KLIPS as modules 2) By "make
> > > kernelsrc=/usr/src/linux-2.6.17 minstall install" which will copy the
> > > ipsec.ko to /lib/modules/...ipsec/ipsec.ko. And thus overwriting the
> > > ipsec.ko generated by compiled patched kernel.
> >
> > Either patch the kernel with the klips patch and use 'make config' to
> > configure it,
> > or don't patch the kernel with the klips patch and use openswan's make
> > module module_install,
> > but don't use both. also, regarless of the method, you will need to
> > patch your kernel for
> > with nat-t patch (and configure and rebuild kernel + modules).
> >
> > Paul
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061102/d07bc438/attachment.html

More information about the Users mailing list