[Openswan Users] No ipsecN in 2.6 kernel (good one)

Miguel A. Amable V. amable at cieta.net
Tue Feb 15 21:10:29 CET 2005


Hello everyone,

I am trying to set up a vpn with one linux fc3 on the left and one sonicwall on
the right in a manually keyed connection.

typing in the shell for the openswan installed it shows the following:
[root at vpn ipsec.d]# rpm -qa  | grep swan
openswan-2.3.0-2
openswan-klips-2.3.0-2.6.9_1.724_FC3_1
openswan-doc-2.3.0-1

the kernel is kernel-2.6.9-1.667 and it has the support in ipsec compiled as a
module for FC3

when I type the command:

[root at vpn ipsec.d]# ipsec manual --up vpntunnel
ipsec manual: fatal error in "vpntunnel": no IPsec-enabled interfaces found

it shows the above error.

I know that the 2.6 kernel don't use the interface ipsecN but what if I disable
the ipsec options compiled as a kernel module so the
installed binary openswan 2.3.0 will then begin to use its own ipsec stack hence 
will I have then the ipsecN interface and avoid the above error?

Now I am compiling the kernel without the ah and esp options and will see what
happens but what if that doesn't work? would anyone give me any options?

Thank You in advance.

Below you can see my config file /etc/ipsec.conf:

config setup
        interfaces="ipsec0=ppp0"
        klipsdebug=all
        plutodebug=all

conn vpntunnel
        # left security gateway (public-network address)
        left=a.b.c.d
        # next hop to reach right
        leftnexthop=d.s.l.g
        # subnet behind left (omit if left end of the tunnel is just the s.g.)
        leftsubnet=172.16.3.0/24
        # right s.g., subnet behind it, and next hop to reach left
        right=e.f.g.h
        rightsubnet=172.16.4.0/24
        # (manual) SPI number
        spi=[hexnumber]
        # (manual) encryption/authentication algorithm and parameters to it
        esp=3des-md5-96
        espenckey=[secret_key]
        espauthkey=[auth_key]

-- 
Miguel Ángel Amable Ventura


----------------------------------------------------------------------
Tecnologías de Información http://cieta.net


More information about the Users mailing list