[Openswan Users] OpenSWAN 2.3 and KLIPS 2.6 on RHES4
Randy B
randy at pillowfactory.org
Wed Mar 9 06:56:28 CET 2005
> First stop openswan.
> Then make sure the af_key (netkey) module is not loaded. Unload
> af_key,esp4,
> ah4 and ipcomp. Then modprobe klips. Then start openswan.
>
> Be aware that depending on the version of openswan, the klips module is
> unloaded at the end. This might cause a kernel failure. Also, when
> neither
> stack is loaded, openswan prefers the netkey (af_key) stack, so the
> second
> start would no longer use klips. The easiest is to make sure the klips
> module
> does not get unloaded. This is true for CVS, but you might need to edit
> _startklips and change the rmmod line.
>
> Paul
Good - I was on the right track. I cleaned out my modules, modprobed
klips, and started ipsec - same thing with af_key (starting from a
completely clean slate), but no dice. Curious thing, though - I was
seeing behaviour precisely opposite of what you describe - openswan was
heavily preferring the klips module; when running with af_key, it would
unload the module at shutdown, but would not do the same for klips, so
if I did a 'ipsec setup restart', it would always go back to klips, no
matter what I had been running. Could this be because when I was
working at installing I also did a 'make kpatch'?
RB
More information about the Users
mailing list