[Openswan Users] Problem KLIPS INSTALLATION :-)

conn intel connintel at gmail.com
Mon Oct 30 10:05:13 EST 2006


Hello Friends,

I am trying to install KLIPS but still dont leave it.. to the end.. :-)

I have successfully patch the kernel 2.6.17 using patch provided with
openswan 2.4.6. And also done the following changes in .config. After
booting in the new patched kernel i have successfully compiled openswan from
the instructions in README. But find the error below when trying to restart
ipsec. Also i have tried to do the modprobe but in vain.

Let me know where i am making mistake ..

Thank You.

Ankur.

SYSLOG OUTPUT ::

Oct 31 01:35:39 localhost ipsec_setup: ...Openswan IPsec started
Oct 31 01:35:39 localhost ipsec_setup: Starting Openswan IPsec 2.4.6...
Oct 31 01:35:40 localhost ipsec__plutorun: 003 "netone": requested kernel
enc ealg_id=2 not present
Oct 31 01:35:40 localhost ipsec__plutorun: 034 "netone": can not initiate:
no acceptable kernel algorithms loaded

modprobe ipsec
FATAL: Error inserting ipsec
(/lib/modules/2.6.17/kernel/net/ipsec/ipsec.ko): Unknown symbol in module,
or unknown parameter (see dmesg)
& in dmesg ::
ipsec0: no IPv6 routers present
ipsec: Unknown symbol ipsec_cryptoapi_init

OUTPUT :: ipsec verify ==>
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan 2.4.6 (klips)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [N/A]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

KLIPS & NATT options in .config ==>

CONFIG_KLIPS=y
CONFIG_KLIPS_ESP=y
CONFIG_KLIPS_AH=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
CONFIG_KLIPS_ENC_CRYPTOAPI=y
CONFIG_KLIPS_ENC_1DES=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
CONFIG_KLIPS_IPCOMP=y
CONFIG_KLIPS_DEBUG=y
CONFIG_IPSEC_NAT_TRAVERSAL=y
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_XFRM_TUNNEL is not set
# CONFIG_INET_TUNNEL is not set

DMESG OUTPUT related to KLIPS::

klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version:
2.4.6
NET: Registered protocol family 15
klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
klips_info:ipsec_alg_init: calling ipsec_alg_static_init()
ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0
ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0
ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0
ipsec_cryptoapi.o was not built on stock Linux CryptoAPI (2.4.22+ or 2.6.x),
not loading.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061030/9712169d/attachment.html 


More information about the Users mailing list