[Openswan Users] Klips patch

[Paul Wouters]

On Tue, 25 Oct 2005, sasa wrote:

> "Paul Wouters" wrote:
> > If you are indeed running 2.6.11-1.35_FC3, you should 'modprobe ipsec' BEFORE starting
> > openswan. Use 'lsmod' to see if the module loaded. If the module did not load, something
> > is wrong on your build or your machine or your compile environment.
>
> ..now I have used a fresh installation of FC3 and then kernel 2.6.11-1.35_FC3 and all procedure for openswan & KLIPS, the situation il the follow ... on boot machine I have:
>
> [root at test4 ~]# lsmod
> Module                  Size  Used by
> ...
> ipcomp                  7881  0
> af_key                 33105  0
> ipsec                 339628  0

That's BAD! You should never have both af_key and ipsec loaded at the same time,
since they're both trying to register the IPsec PFKEY socket interface.

>
> ..then:
>
> [root at test4 ~]# rmmod af_key
> [root at test4 ~]# rmmod esp4
> [root at test4 ~]# rmmod ipcomp
> [root at test4 ~]# lsmod
> Module                  Size  Used by
> ...
> ipsec                 339628  0
> ...
>
> then...
>
> [root at test4 ~]# depmod -a
> [root at test4 ~]# modprobe ipsec
> [root at test4 ~]# lsmod
> Module                  Size  Used by
> ..
> ipsec                 339628  0
> ..
> [root at test4 ~]# service ipsec restart
> ipsec_setup: Stopping Openswan IPsec...
> ipsec_setup: Starting Openswan IPsec 2.4.0...
> ipsec_setup: insmod /lib/modules/2.6.11-1.35_FC3/kernel/net/key/af_key.ko

I've never seen this but I guess the ipsec module didn't manage to initialise
the pfey socets and got loaded but with failures.

Do NOT load the ipsec module when af_key is loaded. First unload af_key, then
load ipsec. Perhaps you want to remove or move aisde the af_key kernel module.

Paul
-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)