[Openswan Users]

mario.lobo at ipad.com.br mario.lobo at ipad.com.br
Mon Feb 28 17:10:44 CET 2005


I´ve tried with kernel 2.6.10 and patched up to 2.6.11, both from kernel.org and still can´t get 
KLIPS to work with any of them.

I tried downgrading the kernel down to 2.5.0 (with all the in-between) to no avail.

I tried openswan-klips-2.3.0-2.6.9_1.724_FC3_1.i386.rpm and openswan-2.3.0 rpm with 
kernel-2.6.9_1.724_FC3.rpm and I got the same kind of kernel error messages I had when compiling 
KLIPS into the kernel.

Finally, I gave up (for now) using KLIPS and started trying NET_KEY. The tunnel is established but 
I can´t gaet data to flow through it !!  I am MARKing the esp packets on iptables, which worked. 
Before the mark, when the tunnel was established, I would loose regular connection (ssh, telnet, 
etc..). I can see the ESP packet getting on the remote machine but somehow they are not getting de-
crypted ( I miss ipsec0 so much :-( !! ).

Has anyone had any experience/success setting openswan with NET_KEY?

Thanks in advance,
   //|  //||
  // | // ||
-//--//---|| ARIO LOBO
//  //    ||
mario.lobo at ipad.com.br

On 28 Feb 2005 at 20:48, Paul Wouters wrote:

> On Mon, 28 Feb 2005, Marcus Leech wrote:
> > I couldn't get KLIPS to work at all.  First, there's a problem with the 
> > AES module causing a NULL pointer
> >   dereference in the kernel.  Patching the ipsec.conf file to avoid AES 
> > code, simply results in other problems--
> I believe this is fixed in HEAD.
> >   like the roadwarrior client locking up so tight I had to pull the 
> > battery out to get a restart.  Now, this is with
> That problem only shows up when using RedHat based kernels. Try a 
> kernel.org kernel instead. We are still investigating what kernel patch
> exactly is responsible for this behaviour.
> Paul
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users

More information about the Users mailing list