<div dir="ltr"><br>Hello everybody,<br><br>I'm currently using openswan 2.4.9 over a self compiled linux kernel 2.6.18 with the Klips stack instead of netkey.<br><br>I'm trying to upgrade my kernel to the debian patched kernel 2.6.18 (wich include security patches that I need) and I would like to upgrade openswan in the same time.<br>
<br>I'm not sure of which new version to choose. What is the major differences between openswan 2.4.13 and 2.6.16? I remember having read somewhere on this list that "It is not recommend to upgrade to v2.6 as the openswan 2.6.x have ipsec.conf different, parameter mast= and other problems.... " and the changelog stops at <a href="http://2.4.13.">2.4.13.</a> <br>
<br>Are the 2.6.x development versions leadind to v3 ?<br><br><br>So I decided to use the most stable recent 2.4 version, I successfully compile openswan and klips 2.4.13 over the kernel and my tunnels seems to work properly. However when I try to stop ipsec, the klips module seems not to unload correctly and I got an error when unregistering ipsec0. This prevent my system to shutdown :<br>
<br>localhost:~# ipsec --version<br>Linux Openswan 2.4.13 (klips)<br><br>localhost:~# /etc/init.d/ipsec status<br>IPsec running - pluto pid: 1896<br>pluto pid 1896<br>1 tunnels up<br>some eroutes exist<br><br>Sep 16 07:57:27 localhost kernel: klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version: 2.4.13<br>
Sep 16 07:57:27 localhost kernel: NET: Registered protocol family 15<br>Sep 16 07:57:27 localhost kernel: klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)<br>Sep 16 07:57:27 localhost kernel: klips_info:ipsec_alg_init: calling ipsec_alg_static_init()<br>
Sep 16 07:57:27 localhost kernel: ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0<br>Sep 16 07:57:27 localhost kernel: ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0<br><br><br>When I try to stop : <br><br>localhost:~# /etc/init.d/ipsec stop<br>
Message from syslogd@localhost at Tue Sep 16 08:01:43 2008 ...<br>localhost kernel: unregister_netdevice: waiting for ipsec0 to become free. Usage count = -6<br>Message from syslogd@localhost at Tue Sep 16 08:02:14 2008 ...<br>
localhost last message repeated 3 times<br>Message from syslogd@localhost at Tue Sep 16 08:03:16 2008 ...<br>localhost last message repeated 6 times<br><br>running process :<br> 3913 pts/1 S+ 0:00 /bin/sh /etc/init.d/ipsec stop<br>
3914 pts/1 S+ 0:00 /bin/sh /usr/local/lib/ipsec/_realsetup stop<br> 3931 pts/1 D+ 0:00 rmmod ipsec<br><br>localhost:~# /etc/init.d/ipsec status<br>IPsec stopped<br>but...<br>has subsystem lock (/var/lock/subsys/ipsec)!<br>
localhost:~# lsmod | grep ipsec<br>ipsec 296584 0<br>localhost:~# ipsec --version<br>Linux Openswan U2.4.13/K(no kernel code presently loaded)<br><br>I could not get an ipsec barf after stopping ipsec as it freeze on the ifconfig command but I could send the barf when server is running if it could be usefull.<br>
<br>Any ideas?<br><br>Thanks a lot,<br><br>Jean-Michel.<br><br></div>