[Openswan Users] No KLIPS, no ipsec interface and no route.

shad shad.mortazavi at convergenceone.com
Thu Sep 23 09:31:39 CEST 2004


Dear All,

I had some initial training on Free/SWAN two years ago but I'm new to 
the use of IPSEC on Linux, so excuse these novice questions :).

I have compiled openswan-2.2.0 on my Yoper v2 laptop running Kernel 
2.6.8.1-3.

I have been able to get a tunnel up to a Nortel 1700 using AES-128 and PSK.

At the moment I can ssh/etc from the 1700 network to my laptop (I need 
to define the tunnel filters on the other end to do the reverse).

This tells me that a) IPSEC Tunnel is up (I can see this being initiated 
in my logs and via my packet capture) and b) I have routing setup.

From my training I was expecting to see reference to an ipsec 
interface, but I don't see one. From the reading/information I have I 
understand that the native IPSec does not provide a virtual IPSec 
interface. Is there a document/site explaining the differences between 
the two?

I was also expecting to see an entry for the remote network 10.0.0.0/8 
when I issued an ip route command;

I have two questions.

When I issue an ipsec restart I get;

Sep 23 08:03:59 yos pluto[31259]: "bwk": route-client output: /usr/local/lib/ipsec/_updown: doroute `ip route add 10.0.0.0/8 via xx.xxx.xxx.x dev eth0 ' failed(RTNETLINK answers: Network is unreachable)

What is causing this?

Second, am I using the IPSEC native to Kernel 2.6?

Some information;

From IPSEC Verify I get.

Version check and ipsec on-path                                         [OK]
Linux Openswan U2.2.0/K2.6.8.1-7 (native)

When I do an ipsec setup restart I get;

Sep 23 05:09:57 yos ipsec_setup: ...Openswan IPsec stopped
Sep 23 05:09:57 yos ipsec_setup: Stopping Openswan IPsec...
Sep 23 05:09:58 yos ipsec_setup: KLIPS ipsec0 on eth0 xxx.xxx.x.xx/255.255.255.240 broadcast xxx.xxx.x.xx
Sep 23 05:09:58 yos ipsec__plutorun: Starting Pluto subsystem...
Sep 23 05:09:58 yos ipsec_setup: ...Openswan IPsec started
Sep 23 05:09:58 yos pluto[7599]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
Sep 23 05:09:58 yos pluto[7599]:   including NAT-Traversal patch (Version 0.6c)[disabled]
Sep 23 05:09:58 yos ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.8.1-7...
Sep 23 05:09:58 yos pluto[7599]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 23 05:09:58 yos pluto[7599]: Using Linux 2.6 IPsec interface code

When I run an ipsec status verify it gives me;

root@yos init.d # ipsec setup status
IPsec running
but...
KLIPS module is not loaded!

Thanks and Regards

Shad Mortazavi
--------------------------
Technical Manager/Linux Team Leader
