[Openswan Users]

Paul Wouters paul at xelerance.com
Mon Apr 17 02:15:43 CEST 2006

On Sat, 15 Apr 2006, Gbenga wrote:

> Next I compiled the openswan userland.  which compiled well. To install I run, "make module minstall". I however, I have trouble inserting/modprobing the new ipsec.ko.
> I get the error output:
> aparo:~# modprobe ipsec
> FATAL: Error inserting ipsec (/lib/modules/ Unknown symbol in module, or unknown parameter (see dmesg)

What did dmesg say? This could be for instance a different c compiler that was
used for the kernel and the kernel module compile.

> ipsec verify :
>     aparo:/home/osogbetun# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan 2.4.5 (klips)

Odd, it seems you have the module loaded anyway?

> Checking for IPsec support in kernel                            [OK]
> KLIPS detected, checking for NAT Traversal support              [FAILED]

Did you boot into the new kernel? For the nat-t patch, which patches the
kernel's udp.c, you must rebuild both the kernel and all modules.

> However, I need some clarification regarding compiling klip, because there are many procedures from different sources.

> a.) the openswan book, it says to "For NAT-T patch: KERNELSRC=/source_to_kernel_source; cd openswan; make nattpatch > /usr/src/openswan-ipsec-natt.patch; cd $kernelsource_dir; cat /usr/src/openswan-ipsec-natt.patch | patch -p1 -s; make clean; make oldconfig
> b.) openswan wiki (http://wiki.openswan.org/index.php/Building%20from%20tarballs%20for%202.6) gives a different angle to how compile for kernel26. (note the line: export KERNELSRC=/lib/modules/`uname -r`/build)
> c.) from the README file in openswan source dir:
>     make nattpatch | (cd /usr/src/linux-2.6 && patch -p1 && make bzImage)

These are three different ways that accomplish the same, though c) needs to
have KERNELSRC set as well. KERNELSRC points to the kernel header files. These
can come from the full kernel source, but are also often installed in the
directory /lib/modules/kernel-version/build

>     From the openswan source directory, build the userland tools, and ipsec.o kernel module:
>     "make KERNELSRC=/usr/src/linux-2.6 programs module"
>     to install "make KERNELSRC=/usr/src/linux-2.6 install minstall"
> I would appreciate if someone can give me a working step-by-step guide to getting kernel 2.6.16.X working with native i.e compiled in klip, openswan 2.4.5

Either works, it depends on where/how your kernel source is. The /lib/modules/kernel-version method
only works for kernel modules. If you want the NAT-T patch, you will need the full kernel source.
Though on fedora for example, when installing the kernel-devel package, your kernel source will be
available through /lib/modules/kernel-version/build, or in /usr/src/kernels/kernel-version


More information about the Users mailing list