[Openswan Users] Openswan + klips + kernel 2.6

Jorge Daniel Sequeira Matias martin at andorinha.ist.utl.pt
Thu Nov 17 15:40:03 CET 2005


On Tuesday 15 November 2005 12:25, Jorge Daniel Sequeira Matias wrote:
> On Tuesday 15 November 2005 07:36, Martin Bene wrote:
> > First, a short note on the 2.4.2 release:
> >
> > The problem with new awk versions and ipsec auto does not seem to be
> > fixed in this release, I had to change the function definition on line
> > 223 of /usr/local/libexec/ipsec/auto from default to openswan_default
> > (and of course also change the calls to this function) to get 2.4.2 to
> > work at all on my gentoo box.
> >
> > 2nd, I've so far failed to get openswan 2.4.x to actually work in the
> > configuration I'd like to use: 2.6 kernel, klips and using nat-t.
> >
> > Is there any recommended kernel/openswan combination that's actually
> > known to work?  Does nat-t work with netkey?
>
>   I have been using a vanilla kernel 2.6.11.7 with a CVS version more recent
> than Openswan 2.3.1. It worked with kernel built-in NAT-T and netkey. But
> it was not 100% stable because of sporadic "ASSERTION failed".
>   Since last Saturday I'm using Kernel 2.6.14.2 with Openswan 2.4.2rc1
> (compiled with gcc 3.3.5 and binutils 2.15 in a Debian unstable dist.)
> without any errors. I still use kernel built-in NAT-T and netkey. So far
> without problems!
>   I have an average of 15 IPSec Roadwarrior SAs with client/gateway
> certificate based auth.

  I should add that after 4 days of uptime of this solution I had the first 
problem, but it was not related to IPSec.
  The "l2tpd" entered a kind of deadlock in which it put every pppd in the 
"defunct" state. I had to issue a "kill -9" to the l2tpd and start it again.
  I use l2tpd v0.70 which is AFAIK unmaintained.

Jorge Matias


