[Openswan Users] Re: [Openswan dev] Arkoon starter app for Openswan 1.0.2

Paul Wouters paul at xelerance.com
Fri Apr 9 13:11:17 CEST 2004 

On Fri, 9 Apr 2004, Joshua Jackson wrote:

> Attached is a tgz of the source for the Arkoon starter application which has 
> been patched to work with openswan 1.0.2. XAUTH support is missing, but the 
> remainder of the features (X509, DPD, NAT-T, etc) are working and it also 
> contains the %defaultroute patch.

Thanks!

I have also made it available at:

ftp://ftp.openswan.org/openswan/contrib/

I've tested it on openswan-1 HEAD (current cvs, which means 1.0.3) 

- I had to change the define for ipsec.conf, since we do not ship it
  standard in /etc/ipsec.d/ipsec.conf
- ignoring unknown keyword 'dumpdir' in config setup
- ignoring unknown keyword 'plutoload' in config setup
- ignoring unknown keyword 'plutostart' in config setup
- can't load config: bad addr leftnexthop=%direct [illegal (non-DNS-name) character in name]

I can see that plutoload/start don't really matter. But dumpdir would be nice.
And the "%direct" is also something that is unfortunately needed for some local
LAN connections in openswan-1. Openswan-2 no longer needs to nexthop settings.

Starting didn't load any connections.

It claimed:

Loading conn peace-bofh
Loading conn me-to-anyone

peace-bofh was on "auto=ignore" so it should probably say it skipped loading it?

The OE conn failed to load as well. When manually trying to --add it when starter
is running, I got:

# ipsec auto --add me-to-anyone
ipsec_auto: fatal error in "me-to-anyone": %defaultroute requested but not known

# route -n|
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
209.112.44.120  193.110.157.22  255.255.255.255 UGH   0      0        0 eth0
193.110.157.16  0.0.0.0         255.255.255.240 U     0      0        0 eth0
193.110.157.16  0.0.0.0         255.255.255.240 U     0      0        0 ipsec0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         193.110.157.30  0.0.0.0         UG    0      0        0 eth0


Stopping with service ipsec stop caused starter to say:

Apr  9 12:00:24 bofh pluto[19034]: FATAL ERROR: socket() in init_pfkeyfd(). Errno 97: Address family not supported by protocol

It kept running though.

On another stop (now with --debug) I got:

FATAL ERROR: socket() in init_pfkeyfd(). Errno 97: Address family not supported by protocol
child 19281 (Pluto) has quit (exit code 1)
pluto has died -- restart scheduled (5sec)
pluto refused to be started


The OE connection works without using starter.

Anyway, thanks for the work on starter!

Paul

More information about the Users mailing list