[Openswan Users] RE: page allocation failure. (Jason Sigurdur)

Jason Sigurdur jason.sigurdur at ASPENVIEW.ORG
Thu Oct 7 14:47:05 CEST 2004


 
Hi,as per the reply to my problem 'known kernel bug' and disable
ipcompression. (Question 9)
I cannot find this bug in the known bug list at 'Bugzilla' ?
Is it an item that will be fixed?

Thx jason
-----Original Message-----
From: users-request at openswan.org [mailto:users-request at openswan.org] 
Sent: Thursday, October 07, 2004 11:59 AM
To: users at openswan.org
Subject: Users Digest, Vol 11, Issue 15

Send Users mailing list submissions to
	users at openswan.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.openswan.org/mailman/listinfo/users
or, via email, send a message with subject or body 'help' to
	users-request at openswan.org

You can reach the person managing the list at
	users-owner at openswan.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Users digest..."


Today's Topics:

   1. Hello (rituraj buddhisagar)
   2. Debian packages needed. (rituraj buddhisagar)
   3. Re: Debian packages needed. (Paul Wouters)
   4. Re: Debian packages needed. (Ingo Bruell)
   5. RE: Debian packages needed. (Joost Kraaijeveld)
   6. Re: 2.2.x Requires LKM Support?  (Michael Richardson)
   7. RE: Debian packages needed. (Joost Kraaijeveld)
   8. Re: Debian packages needed. (David Clymer)
   9. page allocation failure. (Jason Sigurdur)
  10. Re: Debian packages needed. (Paul Wouters)
  11. Re: page allocation failure. (Paul Wouters)
  12. Re: Debian packages needed. (Ferdinand O. Tempel)


----------------------------------------------------------------------

Message: 1
Date: Thu, 07 Oct 2004 06:28:16 +0530
From: rituraj buddhisagar <rituraj.buddhisagar at nevisnetworks.com>
Subject: [Openswan Users] Hello
To: users at openswan.org
Message-ID: <1097110696.3250.74.camel at localhost.localdomain>
Content-Type: text/plain

Hi all;

I am a new user of Openswan. JUst downloaded the rpms and would try the
connectivity between our 2 offices tomm by two FC2 boxes. I am very happy to
learn that freeSWAN project's goal is not dead. 

I am a GNU/Linux fan. I have been using redhat for last 3 years and
currently my desktop is Debian. I would like to contribute to the community
in some way.

I will keep in touch with you all.

Regards;
Rituraj


------------------------------

Message: 2
Date: Thu, 07 Oct 2004 06:56:24 +0530
From: rituraj buddhisagar <rituraj.buddhisagar at nevisnetworks.com>
Subject: [Openswan Users] Debian packages needed.
To: Users at openswan.org
Message-ID: <1097112384.2661.79.camel at localhost.localdomain>
Content-Type: text/plain

It would be great if openswan provides .deb packages for all us debian users
on FTP site.

Regards;
Rituraj


------------------------------

Message: 3
Date: Thu, 7 Oct 2004 16:17:02 +0200 (MET DST)
From: Paul Wouters <paul at xelerance.com>
Subject: Re: [Openswan Users] Debian packages needed.
To: rituraj at pune.nevisnetworks.com
Cc: Users at openswan.org
Message-ID:
	<Pine.LNX.4.61.0410071614110.16101 at expansionpack.xtdnet.nl>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Thu, 7 Oct 2004, rituraj buddhisagar wrote:

> It would be great if openswan provides .deb packages for all us debian 
> users on FTP site.

See packaging/debian

We are also already included ni some debian distributions.

Paul
-- 
 	"Non cogitamus, ergo nihil sumus"

------------------------------

Message: 4
Date: Thu, 7 Oct 2004 16:20:09 +0200
From: Ingo Bruell <ibruell at gmx.de>
Subject: Re: [Openswan Users] Debian packages needed.
To: Users at openswan.org
Message-ID: <701497674.20041007162009 at gmx.de>
Content-Type: text/plain; charset="us-ascii"

Hi rituraj,

rb> It  would  be  great if openswan provides .deb packages for all us 
rb> debian users on FTP site.

debian  sid  (unstable) contains openswan 2.2.0-1. You can download it from
the debian homepage


best regards

Ingo Bruell

---
<ibruell at gmx.de>
<ICQ# 40377720>
Oldenburg  PGP-Fingerprint: CB01 AE12 B359 87C4 BF1C  953C 8FE7 C648 169E
E5FC
Germany    PGP-Public-Key available at pgpkeys.mit.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url :
http://lists.openswan.org/pipermail/users/attachments/20041007/1180670c/atta
chment-0001.bin

------------------------------

Message: 5
Date: Thu, 7 Oct 2004 16:31:07 +0200
From: "Joost Kraaijeveld" <J.Kraaijeveld at Askesis.nl>
Subject: RE: [Openswan Users] Debian packages needed.
To: "Paul Wouters" <paul at xelerance.com>
Cc: "Users Openswan \(E-mail\)" <users at openswan.org>
Message-ID: <A3D1526C98B7C1409A687E0943EAC410489E67 at obelix.askesis.nl>
Content-Type: text/plain;	charset="iso-8859-1"

> See packaging/debian
> 
> We are also already included ni some debian distributions.
apt-get install openswan works. 

What should be provided is a simple howto do things on Debian.

Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld at Askesis.nl
web: www.askesis.nl

------------------------------

Message: 6
Date: Thu, 07 Oct 2004 10:58:45 -0400
From: Michael Richardson <mcr at xelerance.com>
Subject: Re: [Openswan Users] 2.2.x Requires LKM Support? 
To: Paul Wouters <paul at xelerance.com>
Cc: users at openswan.org
Message-ID: <28554.1097161125 at marajade.sandelman.ottawa.on.ca>
Content-Type: text/plain; charset=US-ASCII

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    Paul> On Tue, 5 Oct 2004, Bryan McAninch wrote:

    >> I've just upgraded OpenSWAN from 2.1.5 to 2.2.0, kernel 2.4.27.
    >> I encountered an error during kernel (re)compilation -
    >> "modversion.h not found" in ipsec_alg.c. This was remedied by
    >> adding LKM support - but, for security reasons, I prefer not to
    >> have LKM support on VPN / firewall devices. I had no issues with

  You are my kind of man.
  I wish that I could force some of the distro maintainers to live without
modules for a week.

    >> lack of LKM support in the 2.1.5 release, so I'm wondering, will
    >> this be a permanent thing in 2.2.x or is this just a temporary
    >> compilation bug?

    Paul> This is a temporary problem. It's on Michael's todo list.  I
    Paul> am not sure if just removing the include file fixes
    Paul> this. Michael?

  In your case, just remove the #include line.
  In general, for module builds we include modversions.h on the command
line,  but algorithm code itself wants to link to modules, so it gets
complicated.
  (You could have a statically linked KLIPS that loads dynamic algorithms)

  Please report a compilation bug -- we should create a build test case that
builds a kernel without LKM enabled at all.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls
[
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net
architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device
driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security
guy"); [ -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQWVZm4qHRg3pndX9AQGrZQQAvUQQns3JYovY70zsxv9LdlM4iVjDKE84
5kFH5BWfiHv3PBxLiGCzU104IEnJgeCmGUOsaGzC6+/vRjkF8BJ6j2kmUlSOuM17
ZN7YewCImO+BccES52qpykkLYWmQoSpkVJvRfjwc+4UXlUkBs2XYzvE2o67ZXZ1f
VKie6BIUAqo=
=J75E
-----END PGP SIGNATURE-----

------------------------------

Message: 7
Date: Thu, 7 Oct 2004 17:43:40 +0200
From: "Joost Kraaijeveld" <J.Kraaijeveld at Askesis.nl>
Subject: RE: [Openswan Users] Debian packages needed.
To: "Paul Wouters" <paul at xelerance.com>
Cc: "Users Openswan \(E-mail\)" <users at openswan.org>
Message-ID: <A3D1526C98B7C1409A687E0943EAC41001EAB2 at obelix.askesis.nl>
Content-Type: text/plain;	charset="iso-8859-1"

Hi all,

My previous message was not without a reason: I succesfully set up an
network to network tunnel with Debian Sarge and OpenSwan 2.1.1.-4. Repeating
the same procedure by the letter/keystroke OpenSwan 2.1.3-1 is not possible
(does not result in a working configuration). Apparently something changed.
Don't know what, cannot find anything to read.

Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld at Askesis.nl
web: www.askesis.nl

------------------------------

Message: 8
Date: Thu, 7 Oct 2004 11:51:43 -0400
From: David Clymer <dclyme at hrcsb.org>
Subject: Re: [Openswan Users] Debian packages needed.
To: users at openswan.org
Message-ID: <20041007155143.GH14698 at gorilla.mainst.hrcsb.org>
Content-Type: text/plain; charset=us-ascii

Thus quoth Joost Kraaijeveld:
> From: Joost Kraaijeveld <J.Kraaijeveld at Askesis.nl>
> To: Paul Wouters <paul at xelerance.com>
> Cc: "Users Openswan (E-mail)" <users at openswan.org>
> Subject: RE: [Openswan Users] Debian packages needed.
> 
> Hi all,
> 
> My previous message was not without a reason: I succesfully set up an
network to network tunnel with Debian Sarge and OpenSwan 2.1.1.-4. Repeating
the same procedure by the letter/keystroke OpenSwan 2.1.3-1 is not possible
(does not result in a working configuration). Apparently something changed.
Don't know what, cannot find anything to read.
> 

I've had the same experience. The new version requires that you enable
opportunistic encryption in order for it to work at all. The default is to
disable it. This behavior persists even if one upgrades to 2.2.x from sid.

-davidc

------------------------------

Message: 9
Date: Thu, 7 Oct 2004 11:14:26 -0600
From: Jason Sigurdur <jason.sigurdur at ASPENVIEW.ORG>
Subject: [Openswan Users] page allocation failure.
To: users at openswan.org
Message-ID:
	<08D2636915B90D4FADE116B548E5A516D6C41A at mail.aspenview.org>
Content-Type: text/plain

Hi,
I am using FC2 with openswan version 'openswan-2.2.0-2fc2.i386.rpm' With 16
tunnels, kernel veriosn: 2.6.8-1.521.

After 3-4 days I must restart ipsec. I also get the following errors in the
logs:
kernel: pluto: page allocation failure. order:4, mode:0xd0
(/var/log/messages)

failed in STATE_MAIN_R2. Errno 105: No buffer space available
(/var/log/secure)

Thank you,
Jason sigurdur

------------------------------

Message: 10
Date: Thu, 7 Oct 2004 20:14:09 +0200 (MET DST)
From: Paul Wouters <paul at xelerance.com>
Subject: Re: [Openswan Users] Debian packages needed.
To: David Clymer <dclyme at hrcsb.org>
Cc: users at openswan.org
Message-ID:
	<Pine.LNX.4.61.0410072013250.15700 at expansionpack.xtdnet.nl>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Thu, 7 Oct 2004, David Clymer wrote:

>> My previous message was not without a reason: I succesfully set up an
network to network tunnel with Debian Sarge and OpenSwan 2.1.1.-4. Repeating
the same procedure by the letter/keystroke OpenSwan 2.1.3-1 is not possible
(does not result in a working configuration). Apparently something changed.
Don't know what, cannot find anything to read.
>>
>
> I've had the same experience. The new version requires that you enable 
> opportunistic encryption in order for it to work at all. The default 
> is to disable it. This behavior persists even if one upgrades to 2.2.x 
> from sid.

Can someone provide me with an ipsec barf output in this 'non working' state
without opportunistic encryptiom?

Paul
-- 
 	"Non cogitamus, ergo nihil sumus"

------------------------------

Message: 11
Date: Thu, 7 Oct 2004 20:15:01 +0200 (MET DST)
From: Paul Wouters <paul at xelerance.com>
Subject: Re: [Openswan Users] page allocation failure.
To: Jason Sigurdur <jason.sigurdur at ASPENVIEW.ORG>
Cc: users at openswan.org
Message-ID:
	<Pine.LNX.4.61.0410072014210.15700 at expansionpack.xtdnet.nl>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Thu, 7 Oct 2004, Jason Sigurdur wrote:

> I am using FC2 with openswan version 'openswan-2.2.0-2fc2.i386.rpm' 
> With 16 tunnels, kernel veriosn: 2.6.8-1.521.
>
> After 3-4 days I must restart ipsec. I also get the following errors 
> in the
> logs:
> kernel: pluto: page allocation failure. order:4, mode:0xd0
> (/var/log/messages)
>
> failed in STATE_MAIN_R2. Errno 105: No buffer space available
> (/var/log/secure)

disable compression with compression=no
This is a known kernel bug.

Paul
-- 
 	"Non cogitamus, ergo nihil sumus"

------------------------------

Message: 12
Date: Thu, 07 Oct 2004 20:23:46 +0200
From: "Ferdinand O. Tempel" <pw at linuxops.net>
Subject: Re: [Openswan Users] Debian packages needed.
To: users at openswan.org
Message-ID: <1097173426.4604.13.camel at m00>
Content-Type: text/plain

On Thu, 2004-10-07 at 17:51, David Clymer wrote:
> Thus quoth Joost Kraaijeveld:
> > From: Joost Kraaijeveld <J.Kraaijeveld at Askesis.nl>
> > To: Paul Wouters <paul at xelerance.com>
> > Cc: "Users Openswan (E-mail)" <users at openswan.org>
> > Subject: RE: [Openswan Users] Debian packages needed.
> > 
> > Hi all,
> > 
> > My previous message was not without a reason: I succesfully set up an
network to network tunnel with Debian Sarge and OpenSwan 2.1.1.-4. Repeating
the same procedure by the letter/keystroke OpenSwan 2.1.3-1 is not possible
(does not result in a working configuration). Apparently something changed.
Don't know what, cannot find anything to read.
> > 
> 
> I've had the same experience. The new version requires that you enable 
> opportunistic encryption in order for it to work at all. The default 
> is to disable it. This behavior persists even if one upgrades to 2.2.x 
> from sid.

I've backported the 2.2.0 package from Sid to Woody, and have zero problems
with OE disabled (include /etc/ipsec.d/examples/no_oe.conf in
/etc/ipsec.conf). This is using a 2.6 kernel, however, thus it might be a
2.4 specific issue.

You might want to consider to `reportbug openswan` on this.
--
Regards,

Ferdinand O. Tempel

Your friendly neighborhood linuxops.net administrator.


------------------------------

_______________________________________________
Users mailing list
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users


End of Users Digest, Vol 11, Issue 15
*************************************


More information about the Users mailing list