[Openswan Users]
RE: Openswan with Fedora Core 3 - ipsec manual: fatal error in
"kirk-manual": no IPsec-enabled interfaces found
panos
panos at kamaradata.com
Mon Feb 28 10:07:21 CET 2005
I am a newbie to this group. So forgive me if this has been answered,
but I have looked everywhere and I can't get it resolved.
I am hoping there is a quick answer out there. Details below.
Basically I am trying to set up a simple tunnel in manual mode. This
worked on 2.4 kernel (RH9) and openswan-2.2.0. I am now trying the same
config under FC3 openswan-2.3.0 and it's not working.
I did see some info on google about this error message and it occurred
when people were trying to use FC3 with Openswan in manual mode. Is it
possible it does not work in manual mode?
Help please.
==============================
ERROR I AM GETTING in syslog
==============================
ipsec manual: fatal error in "kirk-manual": no IPsec-enabled interfaces found
==============================
Distro, kernel and version
==============================
RH FC3
[root at kirk ~]# uname -r
2.6.10-1.766_FC3
openswan-2.3.0-1.i386.rpm
==============================
Ipsec comes up but if I try to ping
==============================
[root at kirk ~]# ping 192.168.103.1
connect: Resource temporarily unavailable
==============================
Ipsec.conf
==============================
[root at kirk etc]# more ipsec.conf
version 2.0

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=all
        uniqueids=yes
        manualstart="kirk-manual"

conn kirk-manual
        left=%defaultroute
        leftsubnet=192.168.130.12/32
        right=69.59.183.36
        rightsubnet=69.59.168.16/28
        rightnexthop=69.59.183.33
        spi=0xe48ff0cb
        esp=3des-md5-96
        rightid=kirk-manual
        espenckey=0x8fe4d43beae0dc72be9a469fae1ab63d6666d8e724812e28
        espauthkey=0x929b17e75bbcb9bde60cccd981ce0a22
==============================
A few things I noticed
==============================
The kernel I know has built-in ipsec support, but I noticed in the
syslog
"Feb 28 08:36:10 kirk ipsec_setup: KLIPS ipsec0 on eth0". I thought
KLIPS was not to be loaded.
I saw the information at
http://www.openswan.org/docs/local/README.Kernel26
on 2.6 kernels and openswan. I believe I addressed all the relevant
issues.
The left subnet actually points to a virtual interface. However I tried
this config with a real interface and it still didn't work. I know there
are some changes with virtual interfaces in 2.6 and openswan-2.3.0. But
I don't think that is my problem.
==============================
Syslog output
==============================
Feb 28 08:36:10 kirk ipsec_setup: KLIPS ipsec0 on eth0 192.168.103.11/255.255.255.0 broadcast 192.168.103.255
Feb 28 08:36:10 kirk ipsec_setup: ...Openswan IPsec started
Feb 28 08:36:10 kirk ipsec_setup: Starting Openswan IPsec 2.3.0...
Feb 28 08:36:10 kirk ipsec_setup: insmod /lib/modules/2.6.10-1.766_FC3/kernel/net/key/af_key.ko
Feb 28 08:36:10 kirk ipsec_setup: insmod /lib/modules/2.6.10-1.766_FC3/kernel/net/ipv4/ah4.ko
Feb 28 08:36:10 kirk ipsec_setup: insmod /lib/modules/2.6.10-1.766_FC3/kernel/net/ipv4/esp4.ko
Feb 28 08:36:10 kirk ipsec_setup: insmod /lib/modules/2.6.10-1.766_FC3/kernel/net/ipv4/ipcomp.ko
Feb 28 08:36:10 kirk ipsec_setup: insmod /lib/modules/2.6.10-1.766_FC3/kernel/net/ipv4/xfrm4_tunnel.ko
Feb 28 08:36:10 kirk ipsec_setup: insmod /lib/modules/2.6.10-1.766_FC3/kernel/crypto/des.ko
Feb 28 08:36:10 kirk ipsec_setup: insmod /lib/modules/2.6.10-1.766_FC3/kernel/arch/i386/crypto/aes-i586.ko
Feb 28 08:36:10 kirk ipsec_setup: ipsec manual: fatal error in "kirk-manual": no IPsec-enabled interfaces found
==============================
ipsec verify output
==============================
[root at kirk k-box]# more out
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.3.0/K2.6.10-1.766_FC3 (netkey)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
hostname: Host name lookup failure
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'setkey' command for NETKEY IPsec stack support    [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: kirk.kamaradata.com        [MISSING]
Does the machine have at least one non-private address?         [FAILED]