[Openswan Users] 2.4.0 trouble
Ethy H. Brito
ethy.brito at inexo.com.br
Wed Oct 5 08:46:58 CEST 2005
On Wed, 5 Oct 2005 09:34:04 +0200 (CEST)
Paul Wouters <paul at xelerance.com> wrote:
> On Tue, 4 Oct 2005, Ethy H. Brito wrote:
>
> > I got this
> > Oct 4 21:07:49 cressem ipsec_setup: KLIPS ipsec0 on eth0 200.231.48.37/255.255.255.224 broadcast 200.231.48.63
> > Oct 4 21:07:49 cressem ipsec_setup: ...Openswan IPsec started
> > Oct 4 21:07:49 cressem ipsec_setup: Starting Openswan IPsec U2.4.0/K2.6.13.2...
> > Oct 4 21:07:50 cressem ipsec__plutorun: 104 "cressem" #1: STATE_MAIN_I1: initiate
> > Oct 4 21:07:50 cressem ipsec__plutorun: ...could not start conn "cressem"
> >
> > and no clues what is wrong. The error messages could be more clear.
>
> I am not seeing all the error message. Check /var/log/secure or /var/log/daemon.log or /var/log/auth.log
>
After playing around with 'ip route' I could make it 'kind a work'.
I say 'kind a work' because the misleading error message '...could not start
conn "cressem"' make me believe that there was something very very wrong. I
then set plutodebug=all and klipsdebug=all and after one hour or two browsing thru
the most incoomprehensive lines I've ever read (PERL not included :) ) I could
NOT find anything that looked like an error. :-0
So why does _plutoload say it 'could not start conn "cressem" if I can see ESP
flowing?
Why is this message so inconclusive?
Even with this report the conn should be working?
Another question: if I run 'ipsec auto --up --asynchronous cressem'
( _plutoload line 123) from console it gives me no error ($?=0). Why???
> > I am about to give up kernel 2.6, downgrade to 2.4.31 and OpenSwan 2.2.0.
>
> openswan-2.2.0 will not work with 2.4.31.
>
> A new developer release (2.4.2dr1) was released today that fixes some issues, one being
> compilation on 2.4.31.
I think that with the questions above we engaged in another fight. :-)
Did you know that net/xfrmudp.h is not found whem compiling 2.4.0
modobj26/ipsec_init.c line 95 (missing link?)? I had to replace the #include
with the full path. I was giving KLIPS a try when I found this.
Regards
Ethy
More information about the Users
mailing list