[Openswan Users] questions from newbie (should be simple)

Xiaoming Yu xiaoming at us.ibm.com
Wed Jun 16 11:54:54 CEST 2004


I just installed the openswan version 2.1.2 on my Fedora with kernel 2.6.5.
I have two basic questions regarding this process. I am even new to the
freeswan project, so bear with me if my questions are naive. Thanks in
advance.

First, I also downloaded the two patches listed on the web site, one for
the kernel, one for NAT-T. I really need the NAT-T one. I used the patch
command in /usr/src/linux. It looks like for the NAT-T patch, no message
shows up (not sure if it means success or not). But for the kernel one, I
got this error message:

[root at vpn linux]# patch -p1 < openswan-2.1.2.kern.patch
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|packaging/utils/kernelpatch 2.4
|--- linux/Documentation/Configure.help.orig    Fri Dec 21 12:41:53 2001
|+++ linux/Documentation/Configure.help Mon Jul 29 16:35:32 2002

Also, when I did service ipsec restart, I saw this message in the security
log. Does the disabled flag mean the patch is not there, or should I
somehow enable it? This could be related to the question above about the
patch command.

Jun 16 10:37:16 vpn ipsec__plutorun: Starting Pluto subsystem...
Jun 16 10:37:16 vpn pluto[4666]: Starting Pluto (Openswan Version 2.1.2 X.509-1.4.8 PLUTO_USES_KEYRR)
Jun 16 10:37:16 vpn pluto[4666]:   including NAT-Traversal patch (Version 0.6c) [disabled]


Second question. When I did ipsec verify, I saw this. I assume the two
MISSING results are OK, meaning I cannot do opportunistic encryption. How
about the N/A? Is it OK too?

[root at vpn linux]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                        [OK]
Linux Openswan U2.1.2/K2.6.5-1.358 (native) (native)
Checking for IPsec support in kernel                                   [OK]
Checking for RSA private key (/etc/ipsec.secrets)                      [OK]
Checking that pluto is running                                         [OK]
Two or more interfaces found, checking IP forwarding                   [OK]
Checking NAT and MASQUERADEing                                         [N/A]
Checking for 'ip' command                                              [OK]
Checking for 'iptables' command                                        [OK]
Checking for 'setkey' command for native IPsec stack support           [OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: hostname.domain                [MISSING]
   Does the machine have at least one non-private address?             [OK]
   Looking for TXT in reverse dns zone: 122.109.10.9.in-addr.arpa.     [MISSING]

Again, really appreciate your time and comments.

Xiaoming


