[Openswan dev]
Openswan 2.1.1 does not auto-load the xfrm_user module
Nate Carlson
natecars at natecarlson.com
Wed Mar 31 13:15:17 CEST 2004
Hey all,
In some testing of Openswan 2.1.1 on Debian, I noticed that Openswan
doesn't check to make sure the xfrm_user module is loaded before starting.
If the module isn't loaded, and you try to bring up a tunnel, you get the
following error:
Mar 31 09:56:09 debiantest pluto[2253]: ERROR: "conn" #2: netlink write() of XFRM_MSG_ALLOCSPI message for Get SPI esp.0 at 65.193.16.104 failed. Errno 111: Connection refused
After loading the module, that problem goes away.
I do get errors on starting ipsec that it can't insert ipsec.o, so the
logic in the klips startup script isn't working somehow. Ah - took a
closer look at the _startklips script, it's doing:
modules=/proc/modules
[..]
if test -d $modules
[load modules]
/proc/modules is a file, not a directory.. changed that to test -f
$modules; works fine now. I've included a patch. Not positive that's the
right thing to do, so please review the problem before committing the
patch to cvs. :)
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
-------------- next part --------------
diff -Naur openswan-2.1.1/programs/_startklips/_startklips.in openswan-2.1.1.modules/programs/_startklips/_startklips.in
--- openswan-2.1.1/programs/_startklips/_startklips.in 2004-03-21 08:21:08.000000000 -0600
+++ openswan-2.1.1.modules/programs/_startklips/_startklips.in 2004-03-31 12:14:23.000000000 -0600
@@ -262,7 +262,7 @@
if test -f $kamepfkey
then
klips=false
- if test -d $modules
+ if test -f $modules
then
modprobe -qv ah4
modprobe -qv esp4
More information about the Dev
mailing list