[Openswan dev] Problems with openswan.

Dr Josef Karthauser joe at tao.org.uk
Tue Apr 29 11:21:25 EDT 2014


Hi there,

I've implemented an openswan service (on linux), a IPSec/L2TP server (using xl2tpd).

It's working well, but periodically it wedges up and I need to restart the ipsec service.

It seems to be when traffic goes missing - i.e. I restart a firewall, etc. Seems like there's a state machine issue.

Where should I be looking?

Could it be that I'm using NETKEY and not KLIPS?

Apr 29 13:06:05 vpnserver ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
Apr 29 13:06:05 vpnserver kernel: [3022768.148543] AVX or AES-NI instructions are not detected.
Apr 29 13:06:05 vpnserver ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY
Apr 29 13:06:05 vpnserver ipsec_setup: Using NETKEY(XFRM) stack


Joe


More information about the Dev mailing list