<div dir="ltr"><br>Thanks Paul,<br><br>First sorry for the delay to answer.<br><br>You're right it come from the 2.4.13 klips stack. I've compiled 2 versions, using the same server, same kernel, same openswan version and here is the result :<br>
<br>localhost:~# ipsec --version<br>Linux Openswan U2.4.13/K2.4.12 (klips)<br>See `ipsec --copyright' for copyright information.<br>localhost:~# /etc/init.d/ipsec stop<br>ipsec_setup: Stopping Openswan IPsec...<br>localhost:~# ipsec --version<br>
Linux Openswan U2.4.13/K(no kernel code presently loaded)<br>See `ipsec --copyright' for copyright information.<br><br><br>localhost:~# ipsec --version<br>Linux Openswan 2.4.13 (klips)<br>See `ipsec --copyright' for copyright information.<br>
localhost:~# /etc/init.d/ipsec stop<br>Message from syslogd@localhost at Wed Sep 17 15:35:02 2008 ...<br>localhost kernel: unregister_netdevice: waiting for ipsec0 to become free. Usage count = -2<br><br>However there is not a lot of differencies between the two versions, appart some special code for kernel 2.6.24, and the proc_net renamed LINUX_PROCNET, so I'm a bit confusing.<br>
<br>I'll try to make some test modifiyng the code tommorrow.<br><br>Jean-Michel.<br><br><br><div class="gmail_quote">2008/9/16 Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Tue, 16 Sep 2008, Jean-Michel Bonnefond wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm currently using openswan 2.4.9 over a self compiled linux kernel 2.6.18 with the Klips stack instead of netkey.<br>
<br>
I'm trying to upgrade my kernel to the debian patched kernel 2.6.18 (wich include security patches that I need) and I<br>
would like to upgrade openswan in the same time.<br>
<br>
I'm not sure of which new version to choose.<br>
</blockquote>
<br></div>
Pick <a href="http://2.4.13." target="_blank">2.4.13.</a> It should work fine on 2.6.18 kernels. Unless you need IKEv2 functionality (not likely) or hardware<br>
crypto offload.<div class="Ih2E3d"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
What is the major differences between openswan 2.4.13 and 2.6.16?<br>
</blockquote>
<br></div>
2.4.13 is the last of the 2.4 series. 2.6.x still has a few small bugs. It might not hit you, but you<br>
can avoid them for now by using <a href="http://2.4.13." target="_blank">2.4.13.</a><div class="Ih2E3d"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Are the 2.6.x development versions leadind to v3 ?<br>
</blockquote>
<br></div>
3.x is currently a side branch. Ideally it will merged into the 2.6 tree. But it all depends a bit on where<br>
crypto hardware acceleration in the Linux kernel is going to. (OCF vs acrypto)<div class="Ih2E3d"><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
localhost:~# /etc/init.d/ipsec stop<br>
Message from syslogd@localhost at Tue Sep 16 08:01:43 2008 ...<br>
localhost kernel: unregister_netdevice: waiting for ipsec0 to become free. Usage count = -6<br>
</blockquote>
<br></div>
That looks like a KLIPS bug.... You could try comparing some code, but it's probably not an easy<br>
bug to find and fix.<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br></div>