[Openswan Users] No ipsecN in 2.6 kernel (good one)

Miguel A. Amable V. amable at cieta.net
Tue Feb 15 21:12:53 CET 2005


I have compiled the kernel without the native ipsec support and it didn't work.

Any ideas?

Miguel Angel Amable.

Mensaje citado por "Miguel A. Amable V." <amable at cieta.net>:

> Hello everyone,
> 
> I am trying to set up a vpn with one linux fc3 on the left and one sonicwall
> on
> the right in a manually keyed connection.
> 
> typing in the shell for the openswan installed it shows the following:
> [root at vpn ipsec.d]# rpm -qa  | grep swan
> openswan-2.3.0-2
> openswan-klips-2.3.0-2.6.9_1.724_FC3_1
> openswan-doc-2.3.0-1
> 
> the kernel is kernel-2.6.9-1.667 and it has the support in ipsec compiled as
> a
> module for FC3
> 
> when I type the command:
> 
> [root at vpn ipsec.d]# ipsec manual --up vpntunnel
> ipsec manual: fatal error in "vpntunnel": no IPsec-enabled interfaces found
> 
> it shows the above error.
> 
> I know that the 2.6 kernel don't use the interface ipsecN but what if I
> disable
> the ipsec options compiled as a kernel module so the
> installed binary openswan 2.3.0 will then begin to use its own ipsec stack
> hence 
> will I have then the ipsecN interface and avoid the above error?
> 
> Now I am compiling the kernel without the ah and esp options and will see
> what
> happens but what if that doesn't work? would anyone give me any options?
> 
> Thank You in advance.
> 
> Below you can see my config file /etc/ipsec.conf:
> 
> config setup
>         interfaces="ipsec0=ppp0"
>         klipsdebug=all
>         plutodebug=all
> 
> conn vpntunnel
>         # left security gateway (public-network address)
>         left=a.b.c.d
>         # next hop to reach right
>         leftnexthop=d.s.l.g
>         # subnet behind left (omit if left end of the tunnel is just the
> s.g.)
>         leftsubnet=172.16.3.0/24
>         # right s.g., subnet behind it, and next hop to reach left
>         right=e.f.g.h
>         rightsubnet=172.16.4.0/24
>         # (manual) SPI number
>         spi=[hexnumber]
>         # (manual) encryption/authentication algorithm and parameters to it
>         esp=3des-md5-96
>         espenckey=[secret_key]
>         espauthkey=[auth_key]
> 
> -- 
> Miguel Ángel Amable Ventura
> 
> 
> ----------------------------------------------------------------------
> Tecnologías de Información http://cieta.net
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 


-- 
Lic. Miguel Ángel Amable Ventura
Consultor en Tecnologías de Información
Cel. 044 442 2815059
Tel. 2141405


----------------------------------------------------------------------
Tecnologías de Información http://cieta.net


More information about the Users mailing list