[Openswan Users] No ipsec0 device, and insmod error

[Ken Bantoft]

On Fri, 4 Jun 2004, Matt Harrell wrote:

> I sent e-mail before about problems I'm having with the ipsec 
> implementation in FC2 (kernel 2.6).  As I said earlier, I'm using 
> OpenSWAN now, and having some luck.  However, I can only get one tunnel 
> (i.e., one subnet on the dst side) to come up.  Even if I just work with 
> that tunnel, though, I don't have full functionality.  Pings to my work 
> PC get there, but I can't, for instance, Terminal Service anything at 
> the work subnet.  Also, DNS to the internal interface of the work 
> firewall does not work (it used to under FreeSWAN 2.06, and this is 
> generally how it's done in our remote user tunnels).  When I check 
> tcpdump on the firewall, I see the ISAKMP packets arrive on the external 
> firewall interface, but nothing comes out the internal interface when I 
> Terminal Service.  It seems like it must be something in the work 
> firewall, then, but the fact that this worked just fine under FC1 and 
> FreeSWAN 2.06 have me thinking otherwise.
> 
> Also, looking at the boot messages, I noticed this:
> 
> ipsec_setup: insmod: can't read 'ipsec': No such file or directory

That's okay.  We should surpress the message - it just means KLIPS wasn't 
loaded.  Since you are on 2.6, this is expected behaviour.

> Another thing I've noticed, but until now assumed was just a difference 
> between FreeSWAN and the 2.6 kernel implementation of ipsec, is that I 
> no longer have an ipsec0 interface.  It's not listed in ifconfig as it 
> used to be.  Is this normal?

That's normal.  2.6's IPsec stack does not have a virtual device.

-- 
Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

The future is here. It's just not evenly distributed yet. 
        -- William Gibson