[Openswan Users] openswan startup and version interoperability

Andy Gay andy at andynet.net
Sun Jul 23 23:29:15 CEST 2006


On Sun, 2006-07-23 at 18:09 -0700, Brian Sheets wrote:
>  Debian linux, kernel vmlinuz-2.6.15-1-686, openswan version 1:2.4.5+dfsg-0.2
>  
>  Trying to connect to openswan 2.2.0
>  
>  Config on both sides
>  
>  version 2.0     # conforms to second version of ipsec.conf specification
>  
>  config setup
>          plutodebug=all

Bad idea. Comment this out please.

>          interfaces=%defaultroute
>  
> 
>          virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.0.0.0/24
>  
>  conn net-to-net
>      left=207.7.xx.xx
>      leftsubnet=10.1.0.0/16
>      leftid=@l3-gateway1.xx.net       #
>      leftrsasigkey=<the really long key>
>      leftnexthop=%defaultroute      # correct in many situations
>      right=198.172.xx.xx
>      rightsubnet=10.200.0.0/16
>      rightid=@gateway1.xx.net
>      rightrsasigkey=<the other really long key>
>      rightnexthop=%defaultroute     # correct in many situations
>      auto=add                       # authorizes but doesn't start this
>                                     # connection at startup
>  # Add connections here
>  
>  #Disable Opportunistic Encryption
>  include /etc/ipsec.d/examples/no_oe.conf
> 
>  
>  startup on the 2.6.15 kernel box gives me
>  
>  l3-gateway1:/etc/init.d# sh ./ipsec restart
>  ipsec_setup: Stopping Openswan IPsec...
>  ipsec_setup: Starting Openswan IPsec 2.4.5...
>  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/net/key/af_key.ko
>  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/net/ipv4/xfrm4_tunnel.ko
>  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/net/xfrm/xfrm_user.ko
>  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/drivers/char/hw_random.ko
>  ipsec_setup: FATAL: Error inserting hw_random (/lib/modules/2.6.15-1-686/kernel/drivers/char/hw_random.ko): No such device
>  ipsec_setup: insmod /lib/modules/2.6.15-1-686/kernel/drivers/crypto/padlock.ko
>  ipsec_setup: FATAL: Error inserting padlock (/lib/modules/2.6.15-1-686/kernel/drivers/crypto/padlock.ko): No such device
>  
>  In addition, ipsec auto --up net-to-net hangs from the command line, but
>  on the other, openswan 2.2 system, there is an attempt to make a
>  connection in the logs
>  
>  So, my question, are the errors bad?
No. Just means you don't have a hardware RNG or the padlock device.

>  What could be causing it to hang?
No idea. You'll need to post logs. PLEASE turn off plutodebug=all first!

>  
>  Thanks
>  
>  Brian
> 
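A triage sketch for the two points in the reply above, added here as an example and not code from the thread or from Openswan: it separates the optional-hardware insert failures (hw_random and padlock reporting "No such device") from any other failed module insert, and checks whether plutodebug=all is still active before logs are posted. The function names, the rule that only these two modules count as optional, and the sample log (constructed, with one invented af_key failure) are assumptions.

```shell
#!/bin/sh
# Added example; function names and the "optional" rule are assumptions.
# hw_random and padlock are the two modules named in the log in this thread.
OPTIONAL_MODULES="hw_random padlock"

# Read ipsec_setup output on stdin; print "benign <module>" or
# "investigate <module>" for every failed module insert.
triage_ipsec_setup() {
    sed -n 's/^ipsec_setup: FATAL: Error inserting \([^ ]*\) (.*): \(.*\)$/\1|\2/p' |
    while IFS='|' read -r module reason; do
        verdict=investigate
        for opt in $OPTIONAL_MODULES; do
            # Only a missing device on an optional driver counts as harmless.
            if [ "$module" = "$opt" ] && [ "$reason" = "No such device" ]; then
                verdict=benign
            fi
        done
        printf '%s %s\n' "$verdict" "$module"
    done
}

# Succeed if the given ipsec.conf has an uncommented plutodebug=all line.
debug_all_enabled() {
    grep -Eq '^[[:space:]]*plutodebug[[:space:]]*=[[:space:]]*"?all' "$1"
}

# Constructed sample: the first two failures follow the thread's log with the
# e-mail line wrapping undone; the af_key failure is invented for contrast.
sample_log() {
    cat <<'EOF'
ipsec_setup: Starting Openswan IPsec 2.4.5...
ipsec_setup: FATAL: Error inserting hw_random (/lib/modules/2.6.15-1-686/kernel/drivers/char/hw_random.ko): No such device
ipsec_setup: FATAL: Error inserting padlock (/lib/modules/2.6.15-1-686/kernel/drivers/crypto/padlock.ko): No such device
ipsec_setup: FATAL: Error inserting af_key (/lib/modules/2.6.15-1-686/kernel/net/key/af_key.ko): Operation not permitted
EOF
}

sample_log | triage_ipsec_setup
```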