<br>I'm using the default CentOS kernel.<br><br>My kernel configuration is:<br>[cioban@dev26 openswan-2.6.18]$ egrep CRYPTO.*=y /boot/config-2.6.18-53.1.13.el5 <br>CONFIG_CRYPTO=y<br>CONFIG_CRYPTO_HMAC=y<br>CONFIG_CRYPTO_SHA1=y<br>
CONFIG_CRYPTO_CRC32C=y<br>CONFIG_CRYPTO_SIGNATURE=y<br>CONFIG_CRYPTO_SIGNATURE_DSA=y<br>CONFIG_CRYPTO_MPILIB=y<br>CONFIG_CRYPTO_DEV_PADLOCK_AES=y<br><br>I have no KLIPS configuration in my kernel...<br>I'm running the same code at each end.<br>
<br>The 'ipsec barf' does not show anything wrong... (see attachments)<br><br>Thanks,<br>Regards,<br clear="all">---<br>Sérgio Cioban Filho - LPIC1<br>------------------------------------------------------------<br>| Linux - Servers - Firewall - VPN<br>
| Virtualization - VoIP - ShellScript - C - PHP <br>| <a href="http://cioban.googlepages.com">http://cioban.googlepages.com</a><br>| +55 48 9989-8733<br>------------------------------------------------------------<br>..:: Be free, use LiNuX!! ::..<br>
<br><br><div class="gmail_quote">On Tue, Dec 2, 2008 at 10:06 AM, David McCullough <span dir="ltr"><<a href="mailto:David_Mccullough@securecomputing.com">David_Mccullough@securecomputing.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Jivin Sergio Cioban Filho lays it down ...<br>
<div class="Ih2E3d">> Hi David,<br>
><br>
> I don't know if I'm using KLIPS+ALG support. How do I check this?<br>
<br>
</div>The config options for your kernel will tell us:<br>
<br>
egrep KLIPS.*=y linux-2.6.*/.config<br>
egrep CRYPTO.*=y linux-2.6.*/.config<br>
<div class="Ih2E3d"><br>
> In my testing my tunnel is also up fine, but I can't receive packets from the<br>
> remote end. The TX error count increases on the local ipsec0 interface when I try<br>
> to send packets to the remote end.<br>
<br>
</div>Yes the TX count will go up, but the packets are junked.<br>
Are you running the same code at each end? If so, then you may not<br>
see traffic in one direction but not the other.<br>
<br>
Let's check your config first. If the following are not set:<br>
<br>
CONFIG_KLIPS_ALG=y<br>
CONFIG_KLIPS_ENC_CRYPTOAPI=y<br>
<br>
then an 'ipsec barf' would be the next thing to get.<br>
<br>
Cheers,<br>
Davidm<br>
<div class="Ih2E3d"><br>
> On Mon, Dec 1, 2008 at 9:01 PM, David McCullough <<br>
> <a href="mailto:David_Mccullough@securecomputing.com">David_Mccullough@securecomputing.com</a>> wrote:<br>
><br>
> ><br>
> > Jivin Paul Wouters lays it down ...<br>
> > > On Mon, 1 Dec 2008, Sergio Cioban Filho wrote:<br>
> > ><br>
> > > > Thanks for your answer.<br>
> > > > I've tried to use version 2.6.19, but the same error occurred.<br>
> > > > SELinux has been disabled.<br>
> > > > The output of ipsec barf is attached.<br>
> > ><br>
> > > I don't see anything wrong. Are you using ping -I ? since you did not<br>
> > > add leftsourceip= and rightsourceip= ?<br>
> ><br>
> > I am looking at a problem in this area.<br>
> ><br>
> > Are you using KLIPS + ALG support ?<br>
> ><br>
> > In my testing the tunnel is up fine, can receive packets from the<br>
> > remote end ok, but if you turn on debug at the remote end the packets being<br>
> > by KLIPS+ALG are not healthy.<br>
> ><br>
> > Can you check packets coming the other way ?<br>
> ><br>
> > Cheers,<br>
> > Davidm<br>
> ><br>
> > --<br>
> > David McCullough, <a href="mailto:david_mccullough@securecomputing.com">david_mccullough@securecomputing.com</a>, Ph:+61<br>
> > 734352815<br>
> > Secure Computing - SnapGear <a href="http://www.uCdot.org" target="_blank">http://www.uCdot.org</a><br>
> > <a href="http://www.snapgear.com" target="_blank">http://www.snapgear.com</a><br>
> ><br>
<br>
</div>--<br>
<div><div></div><div class="Wj3C7c">David McCullough, <a href="mailto:david_mccullough@securecomputing.com">david_mccullough@securecomputing.com</a>, Ph:+61 734352815<br>
Secure Computing - SnapGear <a href="http://www.uCdot.org" target="_blank">http://www.uCdot.org</a> <a href="http://www.snapgear.com" target="_blank">http://www.snapgear.com</a><br>
</div></div></blockquote></div><br>