[Openswan Users]

"Félix Joussein" dawson-l at gmx.de
Tue Apr 6 16:17:28 CEST 2004


Hello everbody,

I have a problem regarding the combination of OpenSWAN 2.0.4 + Kernel
2.6.4:

Ipsec is comming up, SA is established, but:

1st:If I use crls.pem, pluto crashes, ipsec loops and in the message log I
get segmentation fault.
My solution was to work without the Revokation list, but this is not a
permanent solution.

2nd: I have modified my ipsec.conf from Freeswan 1.99 to work with 2.0.4.

version 2

The "config" section is as folconfig setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes

conn %default
        keyingtries=%forever
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        right=a.b.c.d
        rightcert=mykey.pem
        auto=start
        pfs=yes


I have realized, that with this configuration ipsec apearently rises tunnels
on all routes - and "ipsec whack --status" ends with:

000 123.174.22.178/32:0 -17-> 194.31.167.169/32:0 => %hold 0
%acquire-netlink
000 10.160.0.1/32:0 -1-> 10.160.0.5/32:0 => %hold 0    %acquire-netlink


What I don't understand as well - why does the ipsec0 -ipsec3 virtual
interfaces don't exist anymore under 2.6?

3rd: In the message log _updown script route-client output logs:

/usr/local/lib/ipsec/_updown: doroute `ip route add 10.0.0.0/8 via
195.61.161.131 dev eth0 ' failed (RTNETLINK answers:network unrechable

/usr/local/lib/ipsec/_updown: doroute `ip route add 195.61.161.131/32 via
195.61.161.131 dev eth0 ' failed (RTNETLINK answers: metwork unrechable


Can any one of you help me with this?

Thanks to any one who can help me making my ipsec running again!

Regards,
Spock!

-- 
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz



More information about the Users mailing list