[Openswan dev] Openswan 2.1.1 does not auto-load the xfrm_user module

Nate Carlson natecars at natecarlson.com
Wed Mar 31 13:15:17 CEST 2004

Hey all,

In some testing of Openswan 2.1.1 on Debian, I noticed that Openswan 
doesn't check to make sure the xfrm_user module is loaded before starting. 
If the module isn't loaded, and you try to bring up a tunnel, you get the 
following error:

Mar 31 09:56:09 debiantest pluto[2253]: ERROR: "conn" #2: netlink write() of XFRM_MSG_ALLOCSPI message for Get SPI esp.0 at failed. Errno 111: Connection refused

After loading the module, that problem goes away.

I do get errors on starting ipsec that it can't insert ipsec.o, so the
logic in the klips startup script isn't working somehow. Ah - took a
closer look at the _startklips script, it's doing:

	if test -d $modules
	[load modules]

/proc/modules is a file, not a directory.. changed that to test -f
$modules; works fine now. I've included a patch. Not positive that's the
right thing to do, so please review the problem before committing the
patch to cvs.  :)

| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
-------------- next part --------------
diff -Naur openswan-2.1.1/programs/_startklips/_startklips.in openswan-2.1.1.modules/programs/_startklips/_startklips.in
--- openswan-2.1.1/programs/_startklips/_startklips.in	2004-03-21 08:21:08.000000000 -0600
+++ openswan-2.1.1.modules/programs/_startklips/_startklips.in	2004-03-31 12:14:23.000000000 -0600
@@ -262,7 +262,7 @@
 if test -f $kamepfkey
-	if test -d $modules
+	if test -f $modules
 	modprobe -qv ah4
 	modprobe -qv esp4

More information about the Dev mailing list