[Openswan Users] FreeSwan 2.06 update to get certificates, userland only?

Bram Bouwens bbouwens at xs4all.nl
Sat May 7 00:35:36 CEST 2005


Jacco de Leeuw wrote:
> Bram Bouwens wrote:
> 
>> /lib/modules/2.4.20-37_40.rh7.3.at/updates/net/ipsec/ipsec.o failed
>>
>> What I did? I installed kernel-2.4.20-37_40.rh7.3.at.i586.rpm,
>> openswan-kmdl-2.4.20-37_40.rh7.3.at-2.3.1-21.rh7.3.at.i586.rpm
>> and openswan-2.3.1-21.rh7.3.at.i386.rpm .
>> Now I saw that the kernel RPM itself also contained an ipsec.o,
>> so I removed the openswan-kmdl and I do have a situation that
>> works (at least) as before.
> 
> 
> Either install the kernel RPM or the kernel module RPM. Not both.
> You need the kernel RPM for NAT-T support. Check with
> rpm -V kernel-2.4.20-37_40.rh7.3 whether files were overwritten.
> If so, you may need to reinstall the kernel RPM.

Checked that, it's fine!
> 
>> Am I now missing the certificate support, or something else?
> 
> 
> No, both RPMs support X.509.

Great.


Now the next step: I was running racoon on the home side, and now
that gave me:

May  6 20:35:58 localhost racoon: WARNING: trns_id mismatched: my:3DES peer:AES
May  6 20:35:58 localhost racoon: WARNING: trns_id mismatched: my:3DES peer:AES
May  6 20:35:58 localhost racoon: WARNING: authtype mismatched: my:hmac-md5 peer:hmac-sha

But that went away when I put `esp=3des' in the ipsec.conf on the
office side. Then stuff seemed OK, but after an hour I got:

May  6 22:29:08 localhost racoon: ERROR: unknown Informational exchange received.
May  6 22:29:09 localhost racoon: INFO: ISAKMP-SA expired 80.126.5.18[500]-82.94.15.138[500] spi:ebeace8f43e10f8f:cbed996d8a20dd94

and the last message kept repeating many, MANY times. That was there
already for the last few days and I think it may have caused serious
trouble in the end: I lost the DSL connection and got massive amounts
of these:

May  6 02:15:48 localhost kernel: Neighbour table overflow.

So now I killed racoon and started the openswan ipsec on that side
(SuSE 9.2 prof, openswan-2.2.0-8) and it seems OK so far.

I'm very curious whether the same problem will not appear now with
pluto as well. Is the problem in the kernel or in racoon?

Bram
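
Added example, not part of the original post: a Python triage script for the racoon messages quoted above. It rejoins mail-wrapped syslog lines, lists the proposal attributes on which the two ends disagree, and counts repeated ISAKMP-SA expiry messages per cookie pair. The function names, the repeat threshold and the two extra expiry lines in the sample are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: racoon lines as quoted in the post, still wrapped by the
# mail client; the two extra "ISAKMP-SA expired" repeats are made up for the demo.
SAMPLE_LOG = """\
May  6 20:35:58 localhost racoon: WARNING: trns_id mismatched: my:3DES
peer:AES
May  6 20:35:58 localhost racoon: WARNING: authtype mismatched:
my:hmac-md5 peer:hmac-sha
May  6 22:29:09 localhost racoon: INFO: ISAKMP-SA expired
80.126.5.18[500]-82.94.15.138[500] spi:ebeace8f43e10f8f:cbed996d8a20dd94
May  6 22:29:10 localhost racoon: INFO: ISAKMP-SA expired
80.126.5.18[500]-82.94.15.138[500] spi:ebeace8f43e10f8f:cbed996d8a20dd94
May  6 22:29:11 localhost racoon: INFO: ISAKMP-SA expired
80.126.5.18[500]-82.94.15.138[500] spi:ebeace8f43e10f8f:cbed996d8a20dd94
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
MISMATCH = re.compile(r"racoon: WARNING: (\w+) mismatched: my:(\S+) peer:(\S+)")
EXPIRED = re.compile(r"racoon: INFO: ISAKMP-SA expired \S+ spi:([0-9a-f]{16}):([0-9a-f]{16})")

def unwrap(text):
    """Rejoin continuation lines (no syslog timestamp) onto the previous entry."""
    entries = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def proposal_mismatches(text):
    """Unique (attribute, local value, peer value) triples from racoon warnings."""
    found = {m.groups() for e in unwrap(text) if (m := MISMATCH.search(e))}
    return sorted(found)

def repeated_expiries(text, threshold=3):
    """ISAKMP cookie pairs whose SA-expired message recurs at least `threshold` times."""
    counts = Counter(m.groups() for e in unwrap(text) if (m := EXPIRED.search(e)))
    return {spi: n for spi, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for attr, mine, peer in proposal_mismatches(SAMPLE_LOG):
        print(f"{attr}: local side has {mine}, peer has {peer}")
    for (icookie, rcookie), n in repeated_expiries(SAMPLE_LOG).items():
        print(f"SA {icookie}:{rcookie} reported expired {n} times")
```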

