<html>
<body>
Hi ... an other time!<br><br>
I have searched in the newsgroups for the question of ipsec0 (see my
previous message) ... but I didn't find anything.<br><br>
So ... I tried to compile klips module from openswan tarball. Now my red
hat enterprise's ipsec is running with that mudule
(<i>ipsec.o</i>).<br><br>
------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br>
[root@platoon etc]# service ipsec start<br>
ipsec_setup: Starting Openswan IPsec 2.1.1...<br>
ipsec_setup: Using /lib/modules/2.4.21-9.0.1.EL/kernel/ipsec.o<br><br>
[root@platoon etc]# tail -f /var/log/messages<br>
Mar 26 17:46:09 platoon ipsec_setup: Starting Openswan IPsec
2.1.1...<br>
Mar 26 17:46:09 platoon kernel: klips_info:ipsec_init: KLIPS startup,
FreeS/WAN IPSec version: 2.1.1<br>
Mar 26 17:46:09 platoon ipsec_setup: Using
/lib/modules/2.4.21-9.0.1.EL/kernel/ipsec.o<br>
Mar 26 17:46:09 platoon ipsec_setup: KLIPS debug `none'<br>
Mar 26 17:46:09 platoon kernel:<br>
Mar 26 17:46:09 platoon /etc/hotplug/net.agent: invoke ifup ipsec0<br>
Mar 26 17:46:09 platoon /etc/hotplug/net.agent: invoke ifup ipsec1<br>
Mar 26 17:46:09 platoon ipsec_setup: KLIPS ipsec0 on eth0
111.111.111.35/255.255.255.0 broadcast 111.111.111.255<br>
Mar 26 17:46:09 platoon /etc/hotplug/net.agent: invoke ifup ipsec3<br>
Mar 26 17:46:09 platoon /etc/hotplug/net.agent: invoke ifup ipsec2<br>
Mar 26 17:46:09 platoon ipsec_setup: ...Openswan IPsec started<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ipsec_auto: fatal error in
"packetdefault": %defaultroute requested but not known<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ipsec_auto: fatal error in
"block": %defaultroute requested but not known<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ipsec_auto: fatal error in
"clear-or-private": %defaultroute requested but not known<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ipsec_auto: fatal error in
"clear": %defaultroute requested but not known<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ipsec_auto: fatal error in
"private-or-clear": %defaultroute requested but not known<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ipsec_auto: fatal error in
"private": %defaultroute requested but not known<br>
Mar 26 17:46:10 platoon ipsec__plutorun: 021 no connection named
"packetdefault"<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ...could not route conn
"packetdefault"<br>
Mar 26 17:46:10 platoon ipsec__plutorun: 021 no connection named
"block"<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ...could not route conn
"block"<br>
Mar 26 17:46:10 platoon ipsec__plutorun: 021 no connection named
"clear-or-private"<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ...could not route conn
"clear-or-private"<br>
Mar 26 17:46:10 platoon ipsec__plutorun: 021 no connection named
"clear"<br>
Mar 26 17:46:10 platoon ipsec__plutorun: ...could not route conn
"clear"<br>
Mar 26 17:46:11 platoon ipsec__plutorun: 021 no connection named
"private-or-clear"<br>
Mar 26 17:46:11 platoon ipsec__plutorun: ...could not route conn
"private-or-clear"<br>
Mar 26 17:46:11 platoon ipsec__plutorun: 021 no connection named
"private"<br>
Mar 26 17:46:11 platoon ipsec__plutorun: ...could not route conn
"private"<br>
Mar 26 17:46:11 platoon ipsec__plutorun: 104 "conntest" #1:
STATE_MAIN_I1: initiate<br>
Mar 26 17:46:11 platoon ipsec__plutorun: ...could not start conn
"conntest" <br>
------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br><br>
With <i>ipsec auto --status</i> I sow that the SA was established. Now
the interface ipsec0 goes up ... BUT ... the result is the same.<br>
I haven't the route to the other lan by ipsec0 device.<br>
I tried do add it ... but packets don't go to the other side.<br><br>
With <i>tcpdump i -ipsec0</i> I can see only my lan request. Iptables'
rules are OK on the two side, I'm sure of this. At the other side (lan
with superfreeswan gw) it's the same.<br><br>
Could you help me on one of the two ways?<br>
{<br>
1. klips included in the kernel<br>
2. openswan module<br>
}<br><br>
Thanks !!!<br>
Bye, Morgan</body>
</html>