[Openswan Users] Enabling Manually keyed IPSEC

Gangadharan G - TLS,Chennai gangadharang at hcl.in
Fri Dec 8 01:14:46 EST 2006


Hi Paul,

Operating System       : Fedora Core 4
Linux Kernel version  : 2.6

From the output of the commands "service ipsec start" and "ipsec verify", it
seems that we are using NETKEY only.
Still, we are having the problem "no IPsec-enabled interfaces found".
For more details about the entries that we have added in the ipsec.conf,
I am attaching my first mail.

[root at localhost gganga]# service ipsec start
ipsec_setup: Starting Openswan IPsec 2.4.4...
ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/key/af_key.ko
ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/ipv4/xfrm4_tunnel.ko

[root at localhost gganga]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.4/K2.6.11-1.1369_FC4 (netkey)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'setkey' command for NETKEY IPsec stack support    [OK]
Opportunistic Encryption Support                                [DISABLED]


Thanks,
Gangadharan.

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Tuesday, December 05, 2006 4:50 AM
To: Gangadharan G - TLS,Chennai
Cc: users at openswan.org
Subject: RE: [Openswan Users] Enabling Manually keyed IPSEC


On Mon, 4 Dec 2006, Gangadharan G - TLS,Chennai wrote:

> IMS (Internet Multimedia SubSystem) Specification mandates the use of
> Manually Keyed IP-SEC (Transport Mode).

That's strange.

> Please help me in enabling the Manually Keyed IPSEC.

See man ipsec.conf and man ipsec_manual. As you can see from the man page of
manual, we haven't looked at it in so long it still says "freeswan".

> I am stuck with the problem "no IPsec-enabled interfaces found".

What kernel are you using? On Linux 2.4 you will need to patch KLIPS into
the kernel. On 2.6 you may patch KLIPS in, or use the NETKEY stack that
comes with the 2.6 kernel (af_key.ko).

Paul
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Openswan Users Enabling Manually keyed IPSEC.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20061208/e03f3269/attachment-0001.txt 

