[Openswan Users]
panos
panos at kamaradata.com
Mon Feb 28 17:48:39 CET 2005
>> What is NETKEY?...
>CONFIG_NETKEY is the option for the included IPsec stack in 2.6.
>CONFIG_KLIPS
>is the option for the openswan IPsec stack for 2.4 and 2.6
Thanks for your help, I see it in the .config of the kernel.
I have loaded the rpms for 2.3.0 and klips for FC3 from the openswan
web site.
I also got hold of a 2.6.9-1.724_FC3 kernel.
When I start openswan I get ... Linux Openswan U2.3.0/K2.6.9-1.724_FC3
(netkey)
How do I prevent "netkey" module from being loaded at boot time.
This may also be why I get ipsec_setup: insmod: can't read 'ipsec': No
such file or directory
I did get the correct kernel, 2.6.9-1.724_FC3, with which the
openswan-klips-2.3.0-2.6.9_1.724_FC3_1.i386.rpm was built for.
below are the messages I get when I do an service ipsec start.
I am trying to get klips to load instead of netkey with the hope I will
not get "no IPsec-enabled interfaces found"
I know should be using automatic keying but our vpn server on the other
side is not a linux box, but a sonic wall and it only interops with
manual keying.
========================================================================
==
ipsec_setup: insmod: can't read 'ipsec': No such file or directory
ipsec_setup: insmod
/lib/modules/2.6.9-1.724_FC3/kernel/net/key/af_key.ko
ipsec_setup: insmod /lib/modules/2.6.9-1.724_FC3/kernel/net/ipv4/ah4.ko
ipsec_setup: insmod /lib/modules/2.6.9-1.724_FC3/kernel/net/ipv4/esp4.ko
ipsec_setup: insmod
/lib/modules/2.6.9-1.724_FC3/kernel/net/ipv4/ipcomp.ko
ipsec_setup: insmod
/lib/modules/2.6.9-1.724_FC3/kernel/net/ipv4/xfrm4_tunnel.ko
ipsec_setup: insmod /lib/modules/2.6.9-1.724_FC3/kernel/crypto/des.ko
ipsec_setup: insmod
/lib/modules/2.6.9-1.724_FC3/kernel/arch/i386/crypto/aes-i586.ko
ipsec_setup: ipsec manual: fatal error in "kirk-manual": no
IPsec-enabled interfaces found
Linux Openswan U2.3.0/K2.6.9-1.724_FC3 (netkey)
> What is NETKEY?...
CONFIG_NETKEY is the option for the included IPsec stack in 2.6.
CONFIG_KLIPS
is the option for the openswan IPsec stack for 2.4 and 2.6
Paul
> -----Original Message-----
> From: Marcus Leech [mailto:mleech at nortel.com]
> Sent: Monday, February 28, 2005 10:14 AM
> To: Paul Wouters
> Cc: panos; users at openswan.org
> Subject: Re: [Openswan Users]
>
> I'm using FC3 with 2.6.10-1.766 kernel. I couldn't get KLIPS to work
> beyond the most superficial definition of "work". I had to revert
to
> NETKEY, which has its own problems--like you can only do one
> cycle of connection up/down, between restarts of OpenSwan. [The
EAGAIN
> problem we were discussing].
>
> Paul Wouters wrote:
>
> > On Mon, 28 Feb 2005, panos wrote:
> >
> >> Basically I am trying to setup a simple tunnel in manual mode.
This
> >> worked on 2.4 kernel (RH9) and openswan-2.2.0. I am now trying the
> same
> >> config under FC3 openswan-2.3.0 and its not working.
> >
> >
> > Manual keying is very likely broken with Openswan when using NETKEY.
> The
> > most sensible thing is not to use manual keying, but automatic
keying.
> If
> > you really insist on manual keying despite the strong recommendation
> to
> > switch, try using KLIPS instead of NETKEY.
> >
> > Paul
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> >
> >
>
More information about the Users
mailing list