[Openswan Users] OpenSWAN 2.3 and KLIPS 2.6 on RHES4

Randy B randy at pillowfactory.org
Wed Mar 9 06:56:28 CET 2005

> First stop openswan.
> Then make sure the af_key (netkey) module is not loaded. Unload 
> af_key,esp4,
> ah4 and ipcomp. Then modprobe klips. Then start openswan.
> Be aware that depending on the version of openswan, the klips module is
> unloaded at the end. This might cause a kernel failure. Also, when 
> neither
> stack is loaded, openswan prefers the netkey (af_key) stack, so the 
> second
> start would no longer use klips. The easiest is to make sure the klips 
> module
> does not get unloaded. This is true for CVS, but you might need to edit
> _startklips and change the rmmod line.
> Paul

Good - I was on the right track.  I cleaned out my modules, modprobed 
klips, and started ipsec - same thing with af_key (starting from a 
completely clean slate), but no dice.  Curious thing, though - I was 
seeing behaviour precisely opposite of what you describe - openswan was 
heavily preferring the klips module; when running with af_key, it would 
unload the module at shutdown, but would not do the same for klips, so 
if I did a 'ipsec setup restart', it would always go back to klips, no 
matter what I had been running.  Could this be because when I was 
working at installing I also did a 'make kpatch'?


More information about the Users mailing list