[Openswan Users] acquire-netlink problem with FC3 + 2.6 kernel

Matthew Radey webmaster at freejazz.org
Tue Apr 12 19:12:21 CEST 2005


I'm not sure what to make of this, because yesterday I had a working
openswan tunnel, and the changes made since then shouldn't have affected
it. Both machines are identical in just about every respect except
hostname and ipsec.secrets.

So what happened? Well, there was a new FC3 kernel update, but when
openswan started behaving as outlined below, I rebooted with yesterday's
kernel, but I still get the same problem. :-(  That's about it for changes.

I've seen posts about this before, but going through those did not help
me. It's strange because the output of 'ipsec auto --status' indicates
the tunnel exists, and it basically looks like normal, but both hosts
lose all network connectivity as soon as the tunnel is started, and I
get the acquire-netlink messages below.

Any ideas?


[rick at fw1 ~]$ uname -a
Linux fw1.mydomain.com 2.6.10-1.770_FC3 #1 Thu Feb 24 14:00:06 EST 2005 i686 i686 i386 GNU/Linux
[rick at fw1 ~]$ rpm -qa | grep openswan
openswan-klips-2.3.1-2.6.10_1.770_FC3_1
openswan-2.3.1-1
[rick at fw1 ~]$ host google.com
google.com has address 216.239.57.99
google.com has address 216.239.37.99
google.com has address 216.239.39.99
[rick at fw1 ~]$ sudo /sbin/service ipsec start
Password:
ipsec_setup: Starting Openswan IPsec 2.3.1...
ipsec_setup: insmod /lib/modules/2.6.10-1.770_FC3/kernel/net/key/af_key.ko 
ipsec_setup: insmod /lib/modules/2.6.10-1.770_FC3/kernel/net/ipv4/ah4.ko 
ipsec_setup: insmod /lib/modules/2.6.10-1.770_FC3/kernel/net/ipv4/esp4.ko 
ipsec_setup: insmod /lib/modules/2.6.10-1.770_FC3/kernel/net/ipv4/ipcomp.ko 
ipsec_setup: insmod /lib/modules/2.6.10-1.770_FC3/kernel/net/ipv4/xfrm4_tunnel.ko
ipsec_setup: insmod /lib/modules/2.6.10-1.770_FC3/kernel/crypto/des.ko
ipsec_setup: insmod /lib/modules/2.6.10-1.770_FC3/kernel/arch/i386/crypto/aes-i586.ko
[rick at fw1 ~]$ host google.com
[rick at fw1 ~]$ host cnn.com
[rick at fw1 ~]$ host slashdot.org
socket.c:1115: internal_send: [nameserver_ip]#53: No such process
errno2result.c:109: unable to convert errno to isc_result: 3: No such process
[rick at fw1 ~]$ ping [nameserver_ip]
connect: Resource temporarily unavailable
[rick at fw1 ~]$ sudo /usr/sbin/ipsec auto --status
...
000 A.B.C.D/32:0 -17-> [nameserver_ip]/32:0 => %hold 0    %acquire-netlink
000 A.B.C.D/32:0 -17-> [nameserver_ip]/32:0 => %hold 0    %acquire-netlink
000 A.B.C.D/32:0 -17-> [nameserver_ip]/32:0 => %hold 0    %acquire-netlink
000 A.B.C.D/32:0 -1-> [unrelated_ip]/32:0 => %hold 0    %acquire-netlink


