[Openswan Users] Using 1DES :(
Rajkumar S
rajkumars at asianetindia.com
Fri Sep 2 18:31:07 CEST 2005
Paul Wouters wrote:
> On Fri, 2 Sep 2005, Rajkumar S wrote:
>
>>> Please grab the 2.4.0rc4.src.rpm that is on the FC3 directory on
>>> ftp.openswan.org
>>> and build and install binaries from there using rpmbuild -bb
>>>
>>> There are known crashers in openswan-2.3.x.
>>
>>
>> I am on Debian, is it okay if I just grab the source and compile ?
>
>
> Of course.
I had compiled openswan-2.4.0rc4 with just USE_WEAKSTUFF?=true using gcc-3.3 for kernel
2.4.21. When I tried to start ipsec with the command "ipsec auto --up sample" I got the
message
003 "sample": requested kernel enc ealg_id=2 not present
034 "sample": can not initiate: no acceptable kernel algorithms loaded
My ipsec.conf (in brief) has
auto=add
pfs=no
keyexchange=ike
esp=des-md5-56
include /etc/ipsec.d/examples/no_oe.conf
So to test if I need USE_EXTRACRYPTO?=true also enabled, I compiled openswan-2.4.0rc4
with USE_WEAKSTUFF?=true and USE_EXTRACRYPTO?=true. Since gcc-3.3 was giving me errors, I
used gcc-2.95 to compile the kernel and openswan.
I started the ipsec using /etc/init.d/ipsec start and it started fine, but as I gave the
command ipsec auto --status | grep alg.*ESP to list the algos available, pluto segfaulted.
Sep 2 17:02:35 localhost ipsec_setup: KLIPS debug `none'
Sep 2 17:02:35 localhost ipsec_setup: KLIPS ipsec0 on eth0 202.88.239.83/255.255.255.248 broadcast 202.88.239.255
Sep 2 17:02:35 localhost ipsec_setup: ...Openswan IPsec started
Sep 2 17:02:35 localhost ipsec_setup: Starting Openswan IPsec 2.4.0rc4...
Sep 2 17:02:46 localhost ipsec__plutorun: /usr/local/lib/ipsec/_plutorun: line 1: 4784 Segmentation fault /usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-all --use-auto --uniqueids
Sep 2 17:02:46 localhost ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11)
Sep 2 17:02:46 localhost ipsec__plutorun: restarting IPsec after pause...
So here I guess there is a bug.
Now, how can I make sure that the compiled code has 1DES enabled? It seems to me that till
now I have never actually enabled 1DES in all the compilations.
with regards,
raj