[Openswan dev] Problems with openswan.
Dr Josef Karthauser
joe at tao.org.uk
Tue Apr 29 11:21:25 EDT 2014
I've implemented an openswan service (on linux), a IPSec/L2TP server (using xl2tpd).
It's working well, but periodically it wedges up and I need to restart the ipsec service.
It seems to be when traffic goes missing - i.e. I restart a firewall, etc. Seems like there's a state machine issue.
Where should I be looking?
Could it be that I'm using NETKEY and not KLIPS?
Apr 29 13:06:05 vpnserver ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
Apr 29 13:06:05 vpnserver kernel: [3022768.148543] AVX or AES-NI instructions are not detected.
Apr 29 13:06:05 vpnserver ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY
Apr 29 13:06:05 vpnserver ipsec_setup: Using NETKEY(XFRM) stack
More information about the Dev