[Openswan Users] KIPS broken, NETKEY works

Paul Wouters paul at xelerance.com
Sat Nov 4 16:24:28 EST 2006


On Sat, 4 Nov 2006, Turbo Fredriksson wrote:

> >>> Looking at this again, I see that the 'ipsec.ko' module
> >>> is NOT loaded!
> >>> Any ideas?
> >>
> >> I suppose your KLIPS setup is borken (is that Swedish? :-)
> >> and if you use NETKEY it works.
> >
> > Any idea WHY it's broken? What's the difference between KLIPS
> > and NETKEY, and why exactly (short if you may :) should I use
> > the one before the other?
>
> This is (part of) my .config (output from 'ipsec barf') if that
> helps figuring out why KLIPS don't work:

It looks fine, except for CONFIG_IPSEC_NET_TRAVERSAL missing. so you did not
appply the nat-t patch, so KLIPs won't support nat-t packets (but NETKEY will).

Paul

> ----- s n i p -----
> + cat /lib/modules/2.6.17/build/.config
> + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV'
> CONFIG_NET_KEY=m
> CONFIG_INET=y
> CONFIG_IP_MULTICAST=y
> CONFIG_IP_ADVANCED_ROUTER=y
> # CONFIG_IP_FIB_TRIE is not set
> CONFIG_IP_FIB_HASH=y
> CONFIG_IP_MULTIPLE_TABLES=y
> CONFIG_IP_ROUTE_FWMARK=y
> CONFIG_IP_ROUTE_MULTIPATH=y
> # CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
> CONFIG_IP_ROUTE_VERBOSE=y
> # CONFIG_IP_PNP is not set
> CONFIG_IP_MROUTE=y
> CONFIG_IP_PIMSM_V1=y
> CONFIG_IP_PIMSM_V2=y
> CONFIG_INET_AH=m
> CONFIG_INET_ESP=m
> CONFIG_INET_IPCOMP=m
> CONFIG_INET_XFRM_TUNNEL=m
> CONFIG_INET_TUNNEL=m
> CONFIG_INET_DIAG=y
> CONFIG_INET_TCP_DIAG=y
> CONFIG_IP_VS=m
> # CONFIG_IP_VS_DEBUG is not set
> CONFIG_IP_VS_TAB_BITS=12
> CONFIG_IP_VS_PROTO_TCP=y
> CONFIG_IP_VS_PROTO_UDP=y
> CONFIG_IP_VS_PROTO_ESP=y
> CONFIG_IP_VS_PROTO_AH=y
> CONFIG_IP_VS_RR=m
> CONFIG_IP_VS_WRR=m
> CONFIG_IP_VS_LC=m
> CONFIG_IP_VS_WLC=m
> CONFIG_IP_VS_LBLC=m
> CONFIG_IP_VS_LBLCR=m
> CONFIG_IP_VS_DH=m
> CONFIG_IP_VS_SH=m
> CONFIG_IP_VS_SED=m
> CONFIG_IP_VS_NQ=m
> CONFIG_IP_VS_FTP=m
> # CONFIG_IPV6 is not set
> # CONFIG_INET6_XFRM_TUNNEL is not set
> # CONFIG_INET6_TUNNEL is not set
> CONFIG_IP_NF_CONNTRACK=m
> CONFIG_IP_NF_CT_ACCT=y
> CONFIG_IP_NF_CONNTRACK_MARK=y
> CONFIG_IP_NF_CONNTRACK_EVENTS=y
> CONFIG_IP_NF_CONNTRACK_NETLINK=m
> CONFIG_IP_NF_CT_PROTO_SCTP=m
> CONFIG_IP_NF_FTP=m
> CONFIG_IP_NF_IRC=m
> CONFIG_IP_NF_NETBIOS_NS=m
> CONFIG_IP_NF_TFTP=m
> CONFIG_IP_NF_AMANDA=m
> CONFIG_IP_NF_PPTP=m
> CONFIG_IP_NF_H323=m
> CONFIG_IP_NF_QUEUE=m
> CONFIG_IP_NF_IPTABLES=m
> CONFIG_IP_NF_MATCH_IPRANGE=m
> CONFIG_IP_NF_MATCH_TOS=m
> CONFIG_IP_NF_MATCH_RECENT=m
> CONFIG_IP_NF_MATCH_ECN=m
> CONFIG_IP_NF_MATCH_DSCP=m
> CONFIG_IP_NF_MATCH_AH=m
> CONFIG_IP_NF_MATCH_TTL=m
> CONFIG_IP_NF_MATCH_OWNER=m
> CONFIG_IP_NF_MATCH_ADDRTYPE=m
> CONFIG_IP_NF_MATCH_HASHLIMIT=m
> CONFIG_IP_NF_FILTER=m
> CONFIG_IP_NF_TARGET_REJECT=m
> CONFIG_IP_NF_TARGET_LOG=m
> CONFIG_IP_NF_TARGET_ULOG=m
> CONFIG_IP_NF_TARGET_TCPMSS=m
> CONFIG_IP_NF_NAT=m
> CONFIG_IP_NF_NAT_NEEDED=y
> CONFIG_IP_NF_TARGET_MASQUERADE=m
> CONFIG_IP_NF_TARGET_REDIRECT=m
> CONFIG_IP_NF_TARGET_NETMAP=m
> CONFIG_IP_NF_TARGET_SAME=m
> CONFIG_IP_NF_NAT_SNMP_BASIC=m
> CONFIG_IP_NF_NAT_IRC=m
> CONFIG_IP_NF_NAT_FTP=m
> CONFIG_IP_NF_NAT_TFTP=m
> CONFIG_IP_NF_NAT_AMANDA=m
> CONFIG_IP_NF_NAT_PPTP=m
> CONFIG_IP_NF_NAT_H323=m
> CONFIG_IP_NF_MANGLE=m
> CONFIG_IP_NF_TARGET_TOS=m
> CONFIG_IP_NF_TARGET_ECN=m
> CONFIG_IP_NF_TARGET_DSCP=m
> CONFIG_IP_NF_TARGET_TTL=m
> CONFIG_IP_NF_TARGET_CLUSTERIP=m
> CONFIG_IP_NF_RAW=m
> CONFIG_IP_NF_ARPTABLES=m
> CONFIG_IP_NF_ARPFILTER=m
> CONFIG_IP_NF_ARP_MANGLE=m
> CONFIG_IP_DCCP=m
> CONFIG_INET_DCCP_DIAG=m
> CONFIG_IP_DCCP_ACKVEC=y
> CONFIG_IP_DCCP_CCID2=m
> CONFIG_IP_DCCP_CCID3=m
> CONFIG_IP_DCCP_TFRC_LIB=m
> # CONFIG_IP_DCCP_DEBUG is not set
> CONFIG_IP_SCTP=m
> CONFIG_IPX=m
> # CONFIG_IPX_INTERN is not set
> CONFIG_IPDDP=m
> CONFIG_IPDDP_ENCAP=y
> CONFIG_IPDDP_DECAP=y
> CONFIG_KLIPS=m
> CONFIG_KLIPS_ESP=y
> CONFIG_KLIPS_AH=y
> CONFIG_KLIPS_AUTH_HMAC_MD5=y
> CONFIG_KLIPS_AUTH_HMAC_SHA1=y
> # CONFIG_KLIPS_ENC_CRYPTOAPI is not set
> CONFIG_KLIPS_ENC_3DES=y
> CONFIG_KLIPS_ENC_AES=y
> CONFIG_KLIPS_IPCOMP=y
> CONFIG_KLIPS_DEBUG=y
> # CONFIG_IPW2100 is not set
> # CONFIG_IPW2200 is not set
> CONFIG_IPPP_FILTER=y
> CONFIG_IPMI_HANDLER=m
> # CONFIG_IPMI_PANIC_EVENT is not set
> CONFIG_IPMI_DEVICE_INTERFACE=m
> CONFIG_IPMI_SI=m
> CONFIG_IPMI_WATCHDOG=m
> # CONFIG_IPMI_POWEROFF is not set
> CONFIG_HW_RANDOM=m
> # CONFIG_CRYPTO_DEV_PADLOCK is not set
> ----- s n i p -----
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list