[Openswan Users] FreeSwan 2.06 update to get certificates, userland only?

Bram Bouwens bbouwens at xs4all.nl
Fri May 6 21:33:49 CEST 2005


Jacco de Leeuw wrote:
> Bram Bouwens wrote:
> 
>> In the office is a gateway running FreeSwan 2.06 since several years
>> RedHat 7.3
>> Would it be sufficient to install the openswan-2.1.5-1rh7.i386.rpm
>> instead of the freeswan-userland-2.06_2.4.18_3-0, or is it
>> also necessary to update the kernel module
> 
> 
> Axel Thimm has more recent Openswan and kernel RPMs for RH7.3:
> http://atrpms.net/dist/rh7.3/openswan/
> 
Excellent, just what I need! Now I just found a quiet moment to
reboot the machine without the whole company shouting at me....

And then...

May  6 17:55:38 port ipsec_setup: /lib/modules/2.4.20-37_40.rh7.3.at/updates/net/ipsec/ipsec.o: unresolved symbol ipcomp_xform_funcs
May  6 17:55:38 port ipsec: ipsec_setup: /lib/modules/2.4.20-37_40.rh7.3.at/updates/net/ipsec/ipsec.o: unresolved symbol ipcomp_xform_funcs
May  6 17:55:38 port ipsec_setup: /lib/modules/2.4.20-37_40.rh7.3.at/updates/net/ipsec/ipsec.o: unresolved symbol sysctl_ipsec_debug_ipcomp
May  6 17:55:38 port ipsec_setup: /lib/modules/2.4.20-37_40.rh7.3.at/updates/net/ipsec/ipsec.o: unresolved symbol skb_compress
May  6 17:55:38 port ipsec_setup: /lib/modules/2.4.20-37_40.rh7.3.at/updates/net/ipsec/ipsec.o: unresolved symbol skb_decompress
May  6 17:55:38 port ipsec_setup: /lib/modules/2.4.20-37_40.rh7.3.at/updates/net/ipsec/ipsec.o: insmod /lib/modules/2.4.20-37_40.rh7.3.at/updates/net/ipsec/ipsec.o failed


What I did? I installed kernel-2.4.20-37_40.rh7.3.at.i586.rpm,
openswan-kmdl-2.4.20-37_40.rh7.3.at-2.3.1-21.rh7.3.at.i586.rpm
and openswan-2.3.1-21.rh7.3.at.i386.rpm .
Now I saw that the kernel RPM itself also contained an ipsec.o,
so I removed the openswan-kmdl and I do have a situation that
works (at least) as before. Am I now missing the certificate
support, or something else? Should I have installed some other
packages to get those missing symbols?


>> Maybe easier to swap the whole machine for a newer box/OS then,
>> to minimise downtime. 
> 
> 
> At least keep your old kernel, should you decide to install a new
> one for NAT-T support. Presumably you are keeping your RH 7.3
> updated with RPMs from the Fedora Legacy Project or Progeny?

I did get some packages from there too, yes.


Bram

