[Openswan dev] FreeSwan/uClinux using pluto and whack: ipsec0 not found
aparna.dutta
aparna.dutta at jasmin-infotech.com
Tue Jan 29 00:47:37 EST 2008
Thanks Paul. I have been trying to build the ipsec.o/ipsec.ko module for the
uClinux port of FreeSwan. But I am not able to use the Makefiles to build
the module by setting the CONFIG_IPSEC option. It reports errors such as
looking for non-existent paths. So I am guessing that possibly the Makefiles
are not fully ported to suit an uClinux build environment.
I believe that the source files for the ipsec.o module are in
freeswan/klips/net/ipsec/. What commands can I use to directly build the
ipsec module from the source files and link them to the kernel?
Just for your information:
uClinux version : 2007R1
Based on Linux version: 2.6.11
Freeswan version: 1.92
Thanks and regards,
Aparna
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, January 24, 2008 11:46 PM
To: aparna.dutta
Cc: dev at openswan.org
Subject: Re: [Openswan dev] FreeSwan/uClinux using pluto and whack: ipsec0
not found
On Thu, 24 Jan 2008, aparna.dutta wrote:
You need the ipsec.o/ipsec.ko module which is the KLIPS kernel module.
Paul
> Date: Thu, 24 Jan 2008 18:51:11 +0530
> From: aparna.dutta <aparna.dutta at jasmin-infotech.com>
> To: <dev at openswan.org>
> Subject: [Openswan dev] FreeSwan/uClinux using pluto and whack: ipsec0 not
> found
>
>
>
> I am trying to get the uClinux ported Freeswan to work on Analog Devices
> BF561.
>
> Since the wrapper ipsec scripts are not available on uClinux FreeSwan, I
am
> trying to use pluto and whack commands directly as follows:
>
>
>
> $ pluto -interface ipsec0 &
>
> $ whack -debug-all
>
> $ whack -name westeast -id aa.bb.cc.dd -host aa.bb.cc.dd -to -id
pp.q.rr.ss
> -host -pp.qq.rr.ss -rsasig -tunnel -esp AES-MD5-2048
>
> $ whack -keyid pp.qq.rr.ss <PUBLICRSAKEYOFTHEOTHERHOST>
>
> $ whack -listen
>
>
>
> The first 4 commands are successful, but the last listen command gives:
>
> $ No public interfaces found
>
>
>
> Since this is freeswan, it must be using the KLIPS stack which requires
the
> ipsecN interface. So I try
>
> $ tncfg -attach -virtual ipsec0 -physical eth0
>
>
>
> This gives $ tncfg: Socket ioctl failed on attach. -No such device. Is the
> virtual device valid? Is the ipsec module linked into the kernel or loaded
> as module?
>
>
>
> The logs in /var/log/messages show:
>
>
>
> Found eth0 with address aa.bb.cc.dd
>
> IP interface eth0 with address aa.bb.cc.dd has no matching ipsec*
interface
> -ignored
>
> Found lo with address 0000:0000:.0001
>
> IP interface lo with address 000.0001 has no matching ipsec* interface
> -ignored
>
>
>
> This means that it is looking for an installed ipsec0 interface. How do I
go
> about registering/installing a virtual network interface ipsec0?
>
>
>
> Thanks and regards,
>
> Aparna
>
>
>
>
>
>
>
>
>
>
>
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20080129/996b9044/attachment.html
More information about the Dev
mailing list