<br>
<div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Your barfs show KLIPS is being used, so you are using it.<br>
I assume you did "make module module_install" with openswan,<br>
so then you would not have cryptoapi support with klips.</blockquote><div> </div><div>yes, I did an 'make module' and an 'make minstall' in openswan, in reality I'm using an openswan.spec to create an rpm package.<br>
I'm using the ipsec kernel module.<br>
<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><br></div>
It shows one strange thing. You have both ipsecX and mastX interfaces.<br>
You're supposed to only have one or the other.<br>
<br>
Could you try these two things:<br>
<br>
- Try actually using just mastX, by using protostack=mast instead of<br>
protostack=klips<br>
<br>
If that fails, try recompiling the openswan userland with USE_MAST=no<font color="#888888"></font></blockquote><div> <br><br></div><div>With protostack=mast the tunnel was established, but no eroute appeared , and ping fail.<br>
<br>I've tried to compile with USE_MAST=no or USE_MAST=false enviorment vaeriable, but 'ipsec barf' yet shows mast and mast interface is present in "/proc/net/dev".<br><br>
<br><br>Thanks,<br>Regards,<br></div></div>---<br>Sérgio Cioban Filho - LPIC1<br>------------------------------------------------------------<br>| Linux - Servidores - Firewall - VPN<br>| Virtualização - VoIP - ShellScript - C - PHP <br>
| <a href="http://cioban.googlepages.com" target="_blank">http://cioban.googlepages.com</a><br>| +55 48 9989-8733<br>------------------------------------------------------------<br>..:: Seja livre, use LiNuX!! ::..