[Openswan Users] OpenSwan in UML

Jax cybercorecentre at gmail.com
Wed Oct 25 01:36:11 EDT 2006


Paul Wouters wrote:
> On Wed, 25 Oct 2006, Jax wrote:
>
>   
Hi!

Thanks for the fast answer.
>> I'm trying to set up a simple L2TP/IPsec server in User Mode Linux. I'm
>> following the Openswan book but don't have much time to set this up. It
>> would be a PSK based solution which looks really simple but I still
>> can't get far in a week :(
>> I'm just wondering if someone has actually made a UML image with this
>>     
>
> You need this in UML? I know Michael just updated the umlswanroot
> uml image that is used for the testing infrastructure in the last
> weeks. Are you using the latest one? ftp://ftp.openswan.org/openswan/umlrootfs/
>
>   
No, I'm using my own UML images (Debian stable and unstable).
>> Kernel: 2.6.18.1-bb2 and the whole system is up-to-date (there wasn't any
>> problem with the install), however there is a serious problem with
>> pluto and it generates 100% CPU usage:
>>     
>
> That's odd. I've never seen that happen on openswan 2.4.6. I wonder
> what it could be.
>
>   
>> ipsec__plutorun: ...could not start conn "west-east"
>> ipsec__plutorun: !pluto failure!:  exited with error status 1
>> ipsec__plutorun: restarting IPsec after pause...
>> ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
>>     
>
> Looks like pluto is crashing. You can try setting 'plutorestartoncrash=no'
> and 'dumpdir=/tmp' in the config setup section and then you get a core and
> we can see why that is happening.
>
>   
It didn't create dump files in /tmp, but in the meantime I tried to
start pluto with --debug-all --nofork --stderrlog
and maybe this is the error:

FATAL ERROR: Failed to bind bcast socket in init_netlink(). Errno 2: No 
such file or directory

It seems to me something is missing from the NET part of the kernel.
>> Btw my first setup was worse. I made it in FC4 and everything worked until
>> I restarted the machine, after that I got strange messages when ipsec
>> started:
>>
>> "Resource temporary unavailable" or something like this, I can't even
>> ping the remote host.
>>     
>
> That's actually much better. You just forgot to include /etc/ipsec.d/examples/no_oe.conf
> in /etc/ipsec.conf
>
>   
I don't know why I couldn't find this answer with Google, thanks :)
If I can't solve the UML problem then I'll reinstall Fedora, but it won't be
in use all the time, so a virtual machine is more than enough.
> If you just need testing with virtual servers, using FC5 or FC6 with XEN is
> much easier. Unless you really want or need to setup UML testcases.
>
> Paul
>   
Best Regards,
Jax

