[Openswan dev] [Openswan Users] Ipsec configuration Lucent VPN Gateway with OpenSwan or others (Lucent IPSec Client 9.2.0 in Windows XP)
Michael H. Warfield
mhw at WittsEnd.com
Thu Feb 25 14:08:30 EST 2010
On Thu, 2010-02-25 at 11:51 -0500, Michael H. Warfield wrote:
> Paul, et al.
> Ok... Adding the dev at openswan.org list to this one at this point.
And of course NOW I see there was a patch posted to this list for that
exact problem back in January... Got it.
> I've finally isolated the problem down with OpenSwan 2.6.23 and 2.6.24
> failing to talk with the Cisco ASA 3000. Symptoms are the connection
> comes up but we can't ping across the tunnel and there are no tunnel
> related addresses or routes in the tables. Debugging "_updown.netkey"
> revealed that it was failing to add the addresses and routes with "ip
> addr replace" and "ip route replace" both returning "RTNETLINK:
> Operation not permitted". Disabling selinux didn't help so I went
> hunting down anything to do with capabilities and found that there had
> been some changes in 2.6.23 to do with LIBCAP_NG. Found that Fedora has
> "%define USE_LIBCAP_NG 1" in the spec file for building the rpms.
> Changed that to "%define USE_LIBCAP_NG 0" and rebuild and it now works.
> So something appears to be broken in dropping capabilities in pluto at
> this time. Code looked right to me but it's definitely no workie and
> making that change to not do that fixed the problem I was seeing where
> 2.6.22 worked on Ubuntu and 2.6.23/4 failed on Fedora.
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/dev/attachments/20100225/80fbe917/attachment.bin
More information about the Dev