[Openswan Users] [OpenswanUsers]2.6.13+Klips problems
Andrew Congdon
andrew.congdon at iplatinum.com.au
Fri Nov 4 10:38:51 CET 2005
I'm using several 2.3.1/2.6.12.6 FC4 talking to 2.3.1/2.6.11.6 FC3 and
freeswan 2.03/2.4.22 FC1. I'm getting regular:
klips_error:ipsec_xmit_send: ip_send() failed, err=-1
and less frequently:
failed in ISAKMP notify. Errno 105: No buffer space available
messages from 2.6.11-12 but otherwise all seems to work OK as long as I don't
try to use ipsec/klips as a module (if I do I get a kernel panic after a few
minutes), it must be builtin.
The configuration is a point to point openswan IPSEC rsasigkey'd connection
with a GRE tunnel on top using OSPF to share routes. I use the KLIPS code to
simplify the firewalling via the ipsec[n] interface. This is a long standing
configuration (~5 years).
I had to move to 2.4.0 (or 2.4.2dr5) to build with 2.6.13. This creates a
curious problem where I can ping remote hosts but can't ssh or http to them
whilst I _can_ ftp to them?! Similarly if I try to use 2.4.0 on 2.6.12.6.
I tried to bypass the problem by moving to 2.6.14 but I can't build 2.4.2rc1:
CC net/ipsec/ipsec_tunnel.o
net/ipsec/ipsec_tunnel.c: In function â:
net/ipsec/ipsec_tunnel.c:279: error: dereferencing pointer to incomplete type
Similarly with the CVS code.
I'm looking to use 2.6.13/14 because of later drivers for unrelated hardware.
Anyone else seen these problems and/or can suggest something else to try?
thanks,
--
Andrew
More information about the Users
mailing list