[Openswan Users] - kernel panic (follow-up)

Paul Wouters paul at xelerance.com
Tue Mar 1 23:54:43 CET 2005

On Tue, 1 Mar 2005 mario.lobo at ipad.com.br wrote:

> you told me to:
> > export KERNELSRC=/your/linux/tree
> > cd openswan-2
> > make module
> > make minstall
> Here is the result:
> [/usr/src/openswan-2test]>make module
> Building module for a 2.6 kernel
> make[1]: Entering directory `/usr/src/openswan-2test'
> make[2]: Entering directory `/usr/src/openswan-2test'
> make[2]: `/usr/src/openswan-2test//Makefile' is up to date.
> make[2]: Leaving directory `/usr/src/openswan-2test'
> make -C /usr/src/linux-2.6.11-test  BUILDDIR=/usr/src/openswan-2test/ SUBDIRS=/usr/src/openswan-
> 2test/ MODULE_DEF_INCLUDE=/usr/src/openswan-2test/packaging/linus/config-all.h ARCH=i386 modules
> make[2]: Entering directory `/usr/src/linux-2.6.11-test'
>   Building modules, stage 2.
> make[2]: Leaving directory `/usr/src/linux-2.6.11-test'

That is very strange. You should see a lot more output then that, unless the tree was
compiled before.

> KLIPS26 module built successfully.
> ipsec.ko is in /usr/src/openswan-2test/

It looks like a directory is missing. Per default, when no special build driectory is
defined, you should see:

KLIPS26 module built successfully.
ipsec.ko is in /usr/src/openswan-2.3.0/modobj26

-rw-r--r--  1 root root 4953552 Mar  1 23:51 ipsec.ko
   text    data     bss     dec     hex filename
 312306   13160    7004  332470   512b6 ipsec.ko

use make m26install as root to install it

> I used a clean kernel (2.6.11) with none of the openswan files copied to the kernel tree and no
> patches applied.

Which version of openswan is that? 
I do not udnerstand what is wrong. It works fine for me on a lot of different machines.

> Could you point me a direction (iptables rules-wise) on how to make it work with NETKEY. Although I
> really wanted it to work, I am kinda prone to give up KLIPS. What ever I try (kernel versions), it
> either compiles and doesn´t work (inline) or it doesn´t compile (module) :(.

I can't give you iptables rules that fix all of netkey's problems. Some of these things,
such as PMTU just need to get implemented in netkey.


More information about the Users mailing list