[Openswan Users] linksys WRT54G openswan

Ferdinand O. Tempel pw at linuxops.net
Sat May 22 14:57:02 CEST 2004 

Hi,

> > * ipsec setup {start,stop} don't seem to do anything at all, I'm at this
> > point in getting things working now. I'll keep you posted both in the
> > forum mentioned above and through email reports when there's something
> > to report :-)
> 
> It takes a looooooooooooooooong time to start. There might also be some problems where
> the prompt doesn't get returned, while the whole subsystem is infact working.
> Give it a full minute to start, then initiate from the other end. 

Well, ipsec setup start and stop returned to the commandline immediately
without doing much. After diving into things a bit I noticed that it
might be missing /var/run to dump its pid files in, so I created it. All
of a sudden things started happening. Klips seems to get initialized OK,
creating an ipsec0 device, etc. The problem I'm having now is that pluto
refuses to run. After modifying /usr/lib/ipsec/_plutoload for the broken
paths (it too points to /usr/local) it still won't run. ipsec setup
--status says:

@OpenWrt:/usr/lib/ipsec# ipsec setup --status
IPsec running
but...
orphaned Pluto running!

and starting pluto by hand spits out an encouraging:
@OpenWrt:/usr/libexec/ipsec# ./pluto 
(overflow)libc.so.6: aborted attempt to load ./pluto!

I think I hit a wall. Any good ideas? :-)
Maybe compiling the openswan package against my own buildroot helps. Do
you happen to have instructions on how to do that? (and a source copy of
your openswan build tree might help too).

> I didn't give this to much attention, since I want to get rid of the scripts and
> use our new smaller binary tool called "starter". However, the tool doesn't compile
> properly yet in the current release.

Hmm, sounds interresting. Though ASCII scripts do make for easy
debugging.

> This was all done with a deadline for my BlackHat presentation last thursday. I will
> clean up the package and post an update.

Okay, I'll wait for that then. Maybe the fixes in paths an such will
have a deeper impact on things than simply modifying some path variables
in scripts.

> Thanks a lot for your feedback!

Don't mention it. I want this stuff to work, so I can show it off to
others :-)

-- 
Regards,

Ferdinand O. Tempel

Your friendly neighborhood linuxops.net administrator.

More information about the Users mailing list