[Openswan Users] Fw: zywall 30w to FreeS/WAN on SLES 9.0 2.6 kernal question

Paul Wouters paul at xelerance.com
Sat May 21 21:14:37 CEST 2005


On Sat, 21 May 2005, LeRoy Grubbs wrote:

> http://www.advbuscomputing.com/zywall_config.html
>
> What is it in the kernel that is required to fix this?
>
> ERROR: netlink response for Add SA esp.8fbee2f6 at 65.41.196.190 included errno 3: No such process

I believe this is just an error because your configuration is invalid.

> May 21 11:45:18 UIWMO pluto[14481]: "ui" #2: route-client output: RTNETLINK answers: Network is unreachable
> May 21 11:45:18 UIWMO pluto[14481]: "ui" #2: route-client output: /usr/lib/ipsec/_updown: `ip route add 192.168.1.0/24 via 10.10.0.2 dev eth0' failed
> May 21 11:45:18 UIWMO pluto[14481]: "ui" #2: route-client command exited with status 2

This is your problem.

Looking at your configuration:

conn ui
 	authby=secret|rsasig
 	#authby=rsasig

Using the | symbol is not valid. Use one or the other.

 	auto=start
 	esp=aes,3des
 	keyingtries=3
 	left=65.41.196.190
 	#leftcert=/etc/ipsec.d/certs/cert_01.pem
 	leftid=willm.axcess at gmail.com
 	#leftrsasigkey=%cert
 	leftsubnet=192.168.0.1/24
 	leftnexthop=192.168.0.1

You cannot have a leftsubnet as inside network, which also contains
the default gateway address. This setup can never work like this. The
wrong leftnexthop is also the cause of the above route command failing.

Your barf also shows:

+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:1
default/rp_filter:1
eth0/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:1

Please disable rp_filter in /etc/sysctl.conf.

But the real error is:

 	Linux FreeS/WAN U2.04/K(no kernel code presently loaded)

and later in the barf:

+ cat /proc/modules

aes 30528 0 - Live 0xd0df7000
blowfish 10496 0 - Live 0xd0dcc000
sha256 10240 0 - Live 0xd0dbc000
sha1 8960 0 - Live 0xd0db8000
crypto_null 2560 0 - Live 0xd0b30000

xfrm_user 13828 0 - Live 0xd0d63000
ipcomp 7424 0 - Live 0xd0d82000
esp4 10368 0 - Live 0xd0d68000
ah4 7808 0 - Live 0xd0c0e000
af_key 31376 0 - Live 0xd0d79000

The NETKEY code is loaded, but freeswan 2.04 does not recognise it
being loaded. I recommend switching to Openswan if you want to use
the NETKEY ipsec stack.

Paul
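
Added example (not part of Paul's message and not Openswan code): a small lint for the two conn problems and the rp_filter setting pointed out in the reply above. The function names and the sample input are constructed for illustration; a nexthop beginning with % (such as %defaultroute) is assumed to need no check.

```python
import ipaddress

# Constructed sample input, modelled on the conn section and rp_filter dump above.
SAMPLE_CONN = """\
conn ui
    authby=secret|rsasig
    #authby=rsasig
    leftsubnet=192.168.0.1/24
    leftnexthop=192.168.0.1
"""
SAMPLE_RP_FILTER = """\
all/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:0
"""

def parse_conn(text):
    """Return the key=value options of a conn section, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("conn "):
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def lint_conn(opts):
    """Flag the two configuration problems pointed out in the reply."""
    findings = []
    if "|" in opts.get("authby", ""):
        findings.append("authby: '|' is not valid, use one method")
    for side in ("left", "right"):
        subnet, hop = opts.get(side + "subnet"), opts.get(side + "nexthop")
        if subnet and hop and not hop.startswith("%"):
            # strict=False accepts host bits, as in 192.168.0.1/24
            net = ipaddress.ip_network(subnet, strict=False)
            if ipaddress.ip_address(hop) in net:
                findings.append(f"{side}nexthop {hop} lies inside {side}subnet {net}")
    return findings

def rp_filter_enabled(dump):
    """Return the interfaces whose rp_filter value is not 0."""
    pairs = (l.split(":", 1) for l in dump.splitlines() if ":" in l)
    return [name.split("/")[0] for name, val in pairs if val.strip() != "0"]

if __name__ == "__main__":
    print(lint_conn(parse_conn(SAMPLE_CONN)), rp_filter_enabled(SAMPLE_RP_FILTER))
```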

