[Openswan Users] Solution for no ipsec0 interface on 2.6 kernel?

Paul Waldo pwaldo at waldoware.com
Mon Sep 26 07:44:24 CEST 2005


Hi Jarek,

Thanks for the reply.  I guess I should qualify the problem.  AFAIK, the IPCop 
side has no problem, as I see many reports of successful VPN connection to an 
IPCop box.  The real issue is on the client.  I am running Mandriva LE 2005, 
which has a 2.6 kernel.  That is where the packets get improperly sent on the 
unencrypted interface (since there is no ipsec* device).  Hopefully this will 
clarify.  Thanks!

Paul

On Monday 26 September 2005 05:17 am, jarek wrote:
> hello,
>
> On Sunday, 25.09.2005, at 22:56 -0400, Paul Waldo wrote:
> > Hi all,
> >
> > I am running IPCop as a firewall.  The IPCop box runs a 2.4.29 kernel and
> > openswan 1.0.7.  Among other things, it has three main interfaces:
>
> upgrade to 1.4.8 and you will have less trouble... especially
> dpdaction=restart will help you handle reconnecting wlan-users.
>
> > Internal network - 10.0.0.1/255.255.255.0
> > Internet connection - XXX.XXX.XXX.XXX/255.255.254.0
> > WiFi Network - 192.168.0.1/255.255.255.0
> >
> > I am trying to create a VPN between a client on the WiFi network to allow
> > it to be part of the Internal network.  After quite a bit of hair
> > pulling, I have gotten the encryption portion working: both sides say
> > "ISAKMP SA established" and "IPSec SA established".  Minor victory for
> > me! :-/
>
> there are some docs on the ipcop-page about having ipsec on wifi/blue
> interface.
>
> > Unfortunately, I can't even ping any of the 10.0.0.* Internal boxes.  My
> > firewall logs show that it is rejecting packets from the WiFi client to
> > the 10.0.0.* boxes, which is what it does with no VPN.
> >
> > After much googling, I have just realized that the ipsec* interfaces
> > aren't supported on a 2.6 kernel.  Ugh!  So it seems that even though I
> > have the tunnel up, the ping packets are being sent over the standard eth
> > interface and (properly) being dropped by the firewall.
>
> your kernel is 2.4.29 or 2.6.x ???
>
> > The only solution google gave me was "use a 2.4 kernel", which is really
> > not an option.  I found vague references to altering iptables rules, but
> > I'm hoping to not have to dive that deeply into it.  Has anyone found a
> > good solution to this problem?  Thanks in advance for any help!
>
> inserting proper rules into /etc/rc.d/rc.firewall.local may really help.
>
> regards
> jz
>
> > Paul
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users

