[Openswan Users] Klips patch

Paul Wouters paul at xelerance.com
Tue Oct 11 22:35:51 CEST 2005


On Tue, 11 Oct 2005, sasa wrote:

>> Please dowload openswan-2.4.0-1.src.rpm from the openswan ftp/www site. Then
>> do the following:
>>
>> rpm -hiv openswan-2.4.0-1.src.rpm
>> cd /usr/src/redhat/SOURCES
>> tar zxvf openswan-2.4.0.tar.gz
>> cd openswan-2.4.0/packaging/redhat/
> [cut]
>>
>> That should give you a new openswan-klips package you can install that
>> should have support for nat-t. It will also give you a new openswan package
>> that matches the openswan-klips package. Install both using "rpm -Uhv"
>
> ..I have made all operation and all it's ok, but the ipsec0 interfaces isn't create (the same error then I have indicated in thread with subject 'interface ipsec0 not created') and I have:
>
> [root at localhost ~]# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan U2.4.0/K2.6.12-1.1378_FC3 (netkey)

You are still using netkey and not klips. Make sure af_key and esp4 are not
loaded as modules and that ipsec is loaded as module.

> which: no setkey in (/sbin:/usr/bin:/usr/local/sbin:/usr/sbin:/usr/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin)

That's fine, you don't need setkey if using openswan-2.4.x.

Paul


More information about the Users mailing list