<html>
<head>
</head>
<body class='hmmessage'><div dir='ltr'>ipsec.conf.<div><br></div><div><div>version 2.0</div><div><br></div><div>config setup</div><div> interfaces=ipsec0=eth1</div><div> klipsdebug=none</div><div> plutodebug=none</div><div> uniqueids=yes</div><div> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.44.0/24</div><div><span style="font-size: 12pt;"> nat_traversal=yes</span></div><div> nhelpers=0</div><div><br></div><div><div>conn connection-10.50.10.129-10.50.11.95-0</div><div> right=10.50.11.95</div><div> left=10.50.10.129</div><div> #rightnexthop=10.50.0.0</div><div> #leftnexthop=10.50.0.0</div><div> authby=rsasig</div><div> rightid="xxxx"</div><div> leftid="xxxx"</div><div> leftsubnet=192.168.44.1/24</div><div> rightsubnet=192.168.164.0/24</div><div> auto=start</div><div> ikelifetime=600s</div><div> keylife=600s</div><div> dpddelay=60</div><div> dpdtimeout=180</div><div> dpdaction=restart_by_peer</div><div> leftupdown=""</div><div> pfs=no</div><div> leftcert=/etc/pki/TrustOS/identity.crt</div><div> leftca=/etc/ipsec.d/cacerts/tw-bundle.crt</div><div> ike=3des-md5;modp1536</div><div> phase2alg=3des-md5;modp1536</div></div><div><br></div><div>-Feng</div><br><div><hr id="stopSpelling">From: freedai@hotmail.com<br>To: users@lists.openswan.org<br>Date: Mon, 4 May 2015 12:13:33 -0700<br>Subject: [Openswan Users] Couldn't start up tunnel in openswan 2.6.43 (klips)<br><br>
<div dir="ltr">Hello there,<div><br></div><div>I have an ipsec.conf that used to work with 2.6.41. After I upgraded to 2.6.43, it failed to start up the tunnel. </div><div><br></div><div><div>May 4 19:01:34 vpn-spoke-03 pluto[7434]: address family inconsistency in this connection=2 host=2/nexthop=0</div><div><span style="font-size:12pt;">May 4 19:01:34 vpn-spoke-03 pluto[7434]: attempt to load incomplete connection</span></div><div><br></div><div>After I added left/rightnexthop, it could work. %defaultroute didn't work though. I have to put in a specific IP. </div><div><span style="font-size:12pt;"> #rightnexthop=10.50.10.129</span></div><div><div> #leftnexthop=10.50.11.95</div></div><div><span style="font-size:12pt;">So my question is: would nexthop be required from now on? Or will it be fixed in the next release, and when will that release be, if this is a bug?</span></div><div><br></div><div><span style="font-size:12pt;">BTW, I believe there's a bug in pfkey_v2.c. 2.6.43 compiles out the creation of pk_key but it still has the cleanup of pk_key. So I can see a kernel panic when stopping the service.</span></div><div><span style="font-size:12pt;">---- pfkey_init ----</span></div><div><div>#if 0</div><div> /* XXX - does anyone actually use this interface at all? 
*/</div><div>#ifdef CONFIG_PROC_FS</div><div> {</div><div> struct proc_dir_entry* entry;</div><div><br></div><div> entry = create_proc_entry ("pf_key", 0, init_net.proc_net);</div><div> entry->read_proc = pfkey_get_info;</div><div> entry = create_proc_entry ("pf_key_supported", 0, init_net.proc_net);</div><div> entry->read_proc = pfkey_supported_get_info;</div><div> entry = create_proc_entry ("pf_key_registered", 0, init_net.proc_net);</div><div> entry->read_proc = pfkey_registered_get_info;</div><div> }</div><div>#endif /* CONFIG_PROC_FS */</div><div>#endif</div></div><div><br></div><div>---- pfkey_cleanup ----</div><div><div>#ifdef CONFIG_PROC_FS</div><div> remove_proc_subtree("pf_key", init_net.proc_net);</div><div> remove_proc_subtree("pf_key_supported", init_net.proc_net);</div><div> remove_proc_subtree("pf_key_registered", init_net.proc_net);</div><div>#endif /* CONFIG_PROC_FS */</div></div><div><br></div><div><span style="font-family:'Courier New', Courier, monospace;font-size:10pt;">Thanks. - Feng</span></div></div> </div>
<br></div></div> </div></body>
</html>