[Openswan Users]
"Félix Joussein"
dawson-l at gmx.de
Tue Apr 6 16:17:28 CEST 2004
Hello everbody,
I have a problem regarding the combination of OpenSWAN 2.0.4 + Kernel
2.6.4:
Ipsec is comming up, SA is established, but:
1st:If I use crls.pem, pluto crashes, ipsec loops and in the message log I
get segmentation fault.
My solution was to work without the Revokation list, but this is not a
permanent solution.
2nd: I have modified my ipsec.conf from Freeswan 1.99 to work with 2.0.4.
version 2
The "config" section is as folconfig setup
interfaces=%defaultroute
klipsdebug=none
plutodebug=none
uniqueids=yes
conn %default
keyingtries=%forever
compress=yes
disablearrivalcheck=no
authby=rsasig
right=a.b.c.d
rightcert=mykey.pem
auto=start
pfs=yes
I have realized, that with this configuration ipsec apearently rises tunnels
on all routes - and "ipsec whack --status" ends with:
000 123.174.22.178/32:0 -17-> 194.31.167.169/32:0 => %hold 0
%acquire-netlink
000 10.160.0.1/32:0 -1-> 10.160.0.5/32:0 => %hold 0 %acquire-netlink
What I don't understand as well - why does the ipsec0 -ipsec3 virtual
interfaces don't exist anymore under 2.6?
3rd: In the message log _updown script route-client output logs:
/usr/local/lib/ipsec/_updown: doroute `ip route add 10.0.0.0/8 via
195.61.161.131 dev eth0 ' failed (RTNETLINK answers:network unrechable
/usr/local/lib/ipsec/_updown: doroute `ip route add 195.61.161.131/32 via
195.61.161.131 dev eth0 ' failed (RTNETLINK answers: metwork unrechable
Can any one of you help me with this?
Thanks to any one who can help me making my ipsec running again!
Regards,
Spock!
--
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
More information about the Users
mailing list