[Openswan Users] ipsec manual problem with 2.4 kernel

Adrian Wee Chin Mun cmwee at itee.uq.edu.au
Wed Oct 11 01:23:48 EDT 2006


Hi,

I am somewhat new to this so pardon the rather newbie questions.
First of all I am running 2 different Linux boxes, one with 2.4 kernel and
another with 2.6 kernel. I used rpm for the 2.6 (since it was available) and
compiled for the 2.4 (no rpm since it is an old FC1). I am just using PC
host-to-host for testing now. First of all I would like to implement
openswan on an embedded system and I will not need IKE so I am only using
manual keying.

First of all the things that work:

All parts of auto keying work, both with RSA and PSK.

Things that don't work:

I can get ipsec manual to work with the 2.6 kernel.

ipsec manual -up formanual

config setup
        nat_traversal=no
        nhelpers=0
        interfaces="ipsec0=eth0"

conn formanual
        left=192.168.1.200
        right=192.168.1.10
        spi=0x200
        esp=3des-md5-96
        espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
        espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf

ifconfig (on the 2.6) shows

eth0      Link encap:Ethernet  HWaddr 00:80:C8:48:8F:96
          inet addr:192.168.1.200  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2659 errors:1 dropped:0 overruns:0 frame:0
          TX packets:2929 errors:1 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:698832 (682.4 Kb)  TX bytes:370454 (361.7 Kb)
          Interrupt:11 Base address:0x9c00

eth1      Link encap:Ethernet  HWaddr 00:02:B3:27:37:38
          inet addr:192.168.0.126  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5145 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3901 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:650838 (635.5 Kb)  TX bytes:932312 (910.4 Kb)
          Interrupt:10 Base address:0xec40 Memory:fbffe000-fbffe038

ipsec0    Link encap:Ethernet  HWaddr 00:80:C8:48:8F:96
          inet addr:192.168.1.200  Mask:255.255.255.0
          UP RUNNING NOARP  MTU:16260  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:89 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b)  TX bytes:13246 (12.9 Kb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4343 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4343 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3797852 (3.6 Mb)  TX bytes:3797852 (3.6 Mb)

However this doesn't seem to work with the one running on the 2.4 kernel

ipsec manual -up formanual

gives 'ipsec manual: fatal error in "formanual" no IPsec-enabled interfaces
found'

config setup
        nat_traversal=no
        nhelpers=0
        interfaces="ipsec0=eth2"

conn formanual
        left=192.168.1.200
        right=192.168.1.10
        spi=0x200
        esp=3des-md5-96
        espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
        espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf

ifconfig (on the 2.4) gives

eth2      Link encap:Ethernet  HWaddr 00:80:C8:F6:23:82
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::280:c8ff:fef6:2382/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2992 errors:1 dropped:0 overruns:0 frame:0
          TX packets:2734 errors:4 dropped:0 overruns:0 carrier:4
          collisions:0 txqueuelen:1000
          RX bytes:381338 (372.4 KiB)  TX bytes:710135 (693.4 KiB)
          Interrupt:11 Base address:0xec00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4432 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4432 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5056638 (4.8 MiB)  TX bytes:5056638 (4.8 MiB)

Of interest would be that there is no ipsec0 interface and also that
192.168.1.10 is available. Tcpdump on the 2.4 box also shows that it actually
receives the packets:

14:33:13.364072 IP 192.168.1.200 > 192.168.1.10: ESP(spi=0x00000200,seq=0x71), length 116
14:33:14.364037 IP 192.168.1.200 > 192.168.1.10: ESP(spi=0x00000200,seq=0x72), length 116
14:33:15.364090 IP 192.168.1.200 > 192.168.1.10: ESP(spi=0x00000200,seq=0x73), length 116
14:33:16.364124 IP 192.168.1.200 > 192.168.1.10: ESP(spi=0x00000200,seq=0x74), length 116
14:33:17.364173 IP 192.168.1.200 > 192.168.1.10: ESP(spi=0x00000200,seq=0x75), length 116
14:33:18.364228 IP 192.168.1.200 > 192.168.1.10: ESP(spi=0x00000200,seq=0x76), length 116
14:33:19.364263 IP 192.168.1.200 > 192.168.1.10: ESP(spi=0x00000200,seq=0x77), length 116

So obviously the ipsec manual appears ok with the 2.6 kernel and will not
start for the 2.4 kernel. I have tried restarting the network and ipsec
services to no avail. Any help or comments would be appreciated.

 

Thank you

Adrian
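
The comparison the message makes by eye (the interfaces= mapping in ipsec.conf against the devices ifconfig lists), written out as an added example that is not part of the original post or of Openswan. The function names are hypothetical and the inputs are constructed, trimmed from the output quoted above; the check reports what is missing and does not diagnose why.

```python
import re
# Constructed samples, trimmed from the ipsec.conf and ifconfig output quoted in the post.
CONF = 'interfaces="ipsec0=%s"\nleft=192.168.1.200\nright=192.168.1.10\n'
IFCONFIG_26 = """\
eth0      Link encap:Ethernet  HWaddr 00:80:C8:48:8F:96
          inet addr:192.168.1.200  Bcast:192.168.1.255  Mask:255.255.255.0
ipsec0    Link encap:Ethernet  HWaddr 00:80:C8:48:8F:96
          inet addr:192.168.1.200  Mask:255.255.255.0
"""
IFCONFIG_24 = """\
eth2      Link encap:Ethernet  HWaddr 00:80:C8:F6:23:82
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::280:c8ff:fef6:2382/64 Scope:Link
"""

def parse_conf(text):
    """Return ([(virtual, physical), ...], {left and right addresses})."""
    pairs, ends = [], set()
    for line in text.splitlines():
        key, _, val = (s.strip().strip('"') for s in line.partition("="))
        if key == "interfaces":
            # Entries without '=' (such as %defaultroute) name no device pair.
            pairs = [tuple(p.split("=", 1)) for p in val.split() if "=" in p]
        elif key in ("left", "right"):
            ends.add(val)
    return pairs, ends

def parse_ifconfig(text):
    """Map device name -> IPv4 address (None if absent) from net-tools ifconfig output."""
    addrs, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a new device
            current = line.split()[0]
            addrs[current] = None
        if current and (m := re.search(r"inet addr:(\S+)", line)):
            addrs[current] = m.group(1)         # "inet6 addr:" lines do not match
    return addrs

def check(conf, ifconfig):
    """List mismatches between the interfaces= mapping and the devices present."""
    (pairs, ends), addrs = parse_conf(conf), parse_ifconfig(ifconfig)
    findings = []
    for virt, phys in pairs:
        if phys not in addrs:
            findings.append(f"{phys}: physical device not present")
        elif addrs[phys] not in ends:
            findings.append(f"{phys}: address {addrs[phys]} is neither left nor right")
        if virt not in addrs:
            findings.append(f"{virt}: not present in ifconfig output (mapped to {phys})")
    return findings
```
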

 

 
