[Openswan Users] Problem KLIPS INSTALLATION :-)
conn intel
connintel at gmail.com
Thu Nov 2 11:16:42 EST 2006
Hello friends,
With your kind support i got my problem solved..
thank you.
Ankur.
On 11/2/06, conn intel <connintel at gmail.com> wrote:
>
> Hello friends,
>
> I am using the method in which ipsec.ko module generated from openswan
> rather then patching the kernel using klips patch.
>
> I am following the following steps as paul has mentioned nicely ::
>
> 1) Patch kernel using Natt
>
> export KERNELSRC=/usr/src/linux-2.6.17
> cd /home/software/openswan/openswan-2.4.6
> make natt-patch > /usr/src/linux-2.6.17/natt.patch
> cd /usr/src/kernel-source-2.6.8
> patch -p1 -s < natt.patch
>
> RESULT :: Works successfully
>
> 2) Compiled kernel successfully. Then booting into new nattpatched kernel,
> compiled the openswan by enabling USE_EXTRACRYPTO & USE_WEAKSTUFF flags.
> Following by ::
>
> make KERNELSRC=/usr/src/linux-2.6.17 programs module
> make KERNELSRC=/usr/src/linux-2.6.17 install minstall
>
> RESULT :: success Compiled.
>
> Now when I use combinations like ike=aes or 3des with esp=aes or 3des
> both works perfect, but when i try to use b lowfish or twofish or serpentthey are giving the following
> error..
>
> For Example :: using ike=blowfish and esp=blowfish i am getting following
> errormessage in /var/log/syslog :
>
>
> Nov 2 23:58:53 localhost kernel: klips_info:ipsec_init: KLIPS
> startup, Openswan KLIPS IPsec stack version: 2.4.6
> Nov 2 23:58:53 localhost kernel: NET: Registered protocol family 15
> Nov 2 23:58:53 localhost kernel: klips_info:ipsec_alg_init: KLIPS alg
> v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
> Nov 2 23:58:53 localhost kernel: klips_info:ipsec_alg_init: calling
> ipsec_alg_static_init()
> Nov 2 23:58:53 localhost kernel: ipsec_aes_init(alg_type=15 alg_id=12
> name=aes): ret=0
> Nov 2 23:58:53 localhost kernel: klips_debug: experimental
> ipsec_alg_AES_MAC not registered [Ok] (auth_id=0)
> Nov 2 23:58:53 localhost kernel: ipsec_3des_init(alg_type=15 alg_id=3
> name=3des): ret=0
> Nov 2 23:58:53 localhost ipsec_setup: KLIPS debug `none'
> Nov 2 23:58:53 localhost kernel:
> Nov 2 23:58:53 localhost ipsec_setup: KLIPS ipsec0 on eth0
> 192.168.1.4/255.0.0.0 broadcast 192.255.255.255
> Nov 2 23:58:53 localhost ipsec_setup: ...Openswan IPsec started
> Nov 2 23:58:53 localhost ipsec_setup: Starting Openswan IPsec 2.4.6..
> .
> Nov 2 23:58:53 localhost ipsec_setup: WARNING: changing route
> filtering on eth0 (changing /proc/sys/net/ipv4/conf/eth0/rp_filter from 1 to
> 0)
> Nov 2 23:58:53 localhost ipsec__plutorun: 003 "netone": requested
> kernel enc ealg_id=7 not present
> Nov 2 23:58:53 localhost ipsec__plutorun: 003 "netone": requested
> kernel enc ealg_id=7 not present
> Nov 2 23:58:53 localhost ipsec__plutorun: 034 "netone": can not
> initiate: no acceptable kernel algorithms loaded
> Nov 2 23:58:53 localhost ipsec__plutorun: ...could not start conn
> "netone"
>
> && using ike=1des and esp=aes getting following error ::
>
> Nov 3 00:05:06 localhost ipsec__plutorun: 034 esp string error:
> enc_alg not found, enc_alg="1des", auth_alg="", modp=""
>
>
>
> Now do i forgot any step or if there is any issue with the kernel.. Do
> kernel is not able to find the functions defined in the module or there is
> some problem with the openswan compiliation waiting for your suggestions.. I
> am using fresh sources for compilation.. :-)
>
> Thank You.
>
> Ankur.
>
> More Information ::
>
> debian:/home/software/openswan/openswan-2.4.6# ipsec verify
> Checking your system to see if IPsec got installed and started
> correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan 2.4.6 (klips)
> Checking for IPsec support in kernel [OK]
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support
> [DISABLED]
>
>
> debian:/home/software/openswan/openswan-2.4.6# ipsec setup restart
> ipsec_setup: ERROR: Module ipsec is in use
> ipsec_setup: Stopping Openswan IPsec...
> ipsec_setup: Starting Openswan IPsec 2.4.6...
>
> On 10/31/06, Paul Wouters <paul at xelerance.com> wrote:
> >
> > On Mon, 30 Oct 2006, conn intel wrote:
> >
> > > Thanx... for quick reply..
> > >
> > > a) Do i also need to set CONFIG_KLIPS as (module or built in). ?
> > >
> > > b) Am I wrong ? I think there are two ipsec modules generated
> > > 1) By compiling the kernel with CONFIG_KLIPS as modules 2) By "make
> > > kernelsrc=/usr/src/linux-2.6.17 minstall install" which will copy the
> > > ipsec.ko to /lib/modules/...ipsec/ipsec.ko. And thus overwriting the
> > > ipsec.ko generated by compiled patched kernel.
> >
> > Either patch the kernel with the klips patch and use 'make config' to
> > configure it,
> > or don't patch the kernel with the klips patch and use openswan's make
> > module module_install,
> > but don't use both. also, regarless of the method, you will need to
> > patch your kernel for
> > with nat-t patch (and configure and rebuild kernel + modules).
> >
> > Paul
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061102/d07bc438/attachment.html
More information about the Users
mailing list