[Openswan Users] Starting ipsec locks machine

Rod Savard RodS at scm-ae.com
Thu Mar 23 15:46:18 CET 2006

I was a long-time user of FreeS/WAN 2.06 on 2.4 kernels.

I'm now attempting to get Openswan working in KLIPS mode on a 2.6 kernel
on Debian Sarge.

I downloaded linux- and configured/compiled it for my system.
Everything works great.  I then patched the kernel like so:

# cd /usr/src/linux-
# zcat ../openswan-2.4.5rc5.kernel-2.6-klips.patch.gz | patch -p1

I ran "make menuconfig" and included openswan ipsec and its various
suboptions (just took defaults I believe).  I did not compile it as a
module; I pressed "Y" to include it statically in the kernel.

I compile the new kernel, install it and reboot. The new kernel operates
as expected.  I now compile and install the userland programs by doing

# cd /usr/src/openswan-2.4.5rc5
# make programs install

Things seem to compile and install just fine (I do get errors about
man2html not being present, but I don't think that's important).

At this point openswan is using default config files.  If I try to start
ipsec like this I get a hard lock:

# /etc/init.d/ipsec start

I have to reboot my machine at this point (and disable the ipsec script
in single user mode because it will try to start automatically each time
I boot).

I turned on command echoing in the ipsec script and found that it hangs
immediately after the point where it sets an "outtmp" environment
variable.  It looks like the next command is "ipsec _realsetup"
(although that command is not echoed to the screen).  It's at that point
where the machine completely locks.

Any ideas?  Did I forget something important in the kernel config?  (I
disabled all native 2.6 ipsec features before patching the kernel and
turning on openswan.)

Thanks in advance!

Rod Savard
IT Project Manager / Sr Network Admin
SCM Consultants, Inc.
Phone: (509) 783-1625
Cell: (509) 948-1254

More information about the Users mailing list