[Openswan Users] Openswan 2.4.6rc5 under CentOS 4.3

[Paul Wouters]

On Tue, 15 Aug 2006, Bas Rijniersce wrote:

> I'm trying to get Openswan running in a CentOS 4.3 environment. I want to
> modify as little as possible so that the machine can be kept up to date
> easily. I'd rather not compile a special kernel, but if that's the only
> solution, no problem.

If you want to run klips with nat-traversal support, you will have to.

> It's running kernel 2.6.9-34.0.2.EL. Installed the kerneldevel RPM (and
> kernel src rpm as well). I compiled openswan with:
> make KERNELSRC=/lib/modules/`uname -r`/build/ module minstall (and same for
> progs)
>
> Module seems to load fine, lsmod shows as loaded. I do get quite a bit of
> output on the console that I don't know is normal:

Did you disable/unload the netkey modules (af_key esp4 ah4 ipcomp)

> ----
> Aug 15 12:44:15 INAKFW001 kernel: klips_debug:ipsec_eroute_get_info:
> buffer=0pc9cce000, *start=0p00000000, offset=61, length=1024

Looks like you ran openswan with klipsdebug enabled?

> The problem is when I restart the machine, or just restart the service. I
> panic's :-) Not a good thing for a box that will be hidden in a closet in
> India :)

Make sure netkey isnt loaded. If you want to be sure to use just klips, add
a call to 'modprobe ipsec' in your /etc/rc.d.rc.sysinit (but if that crashes
your computer, better not do it).

> I video of the crash can be found at: http://www.brijn.nu/openswan_crash.avi

That didn't play for me on xine. But I believe you.

> Can I build the module as I did, should that work OK? Any other suggestion
> on what might be wrong?

It should work. I have no idea why your machine is crashing.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155