[Openswan Users] OpenWrt, inet: Unknown host

Dave Chuha dchuha at yahoo.com
Sun Apr 8 15:55:12 EDT 2007 

> Paul Wouters skrev:
>> On Tue, 27 Mar 2007, Marcus Carlson wrote:
>> 
>>>>>>> The setup:
>>>>>>> OpenWrt Whiterussian with openswan 2.4.6 (installed with ipkg).
>>>>>>> ipsec.conf:
>>>>>>> conn mytunnel
>>>>>>>          right=ip.of.ri.ght
>>>>>>>          left=%defaultroute
>>>>>>> ipsec_setup: ifconfig: inet: Unknown host
>>>>>> that I've never seen before.
>>>>> Could it be something with busybox and/or the scripts cut the wrong piece
>>>>> from
>>>>> ifconfig?
>>>> I am running openwrt 0.9 with openswan on a few boxes, and do not see that
>>>> error.
>>>>
>>>>>>> 022 "mytunnel": We cannot identify ourselves with either end of this
>>>>>>> connection.
>>>>>> Did you add interfaces="ipsec0=ppp0" ?
>>>>>> I did not see a ppp device on your ifconfig line. Is your pptp/ppoe
>>>>>> connection
>>>>>> up? Perhaps you need a different interfaces= lines?
>>>>> Not using ppoe, standard ethernet with static ip. I've tried setting
>>>>> interface
>>>>> to the different interfaces (br0, vlan1). Atm the interface line is
>>>>> remarked.
>>>>> Also when ifconfig -a I can see that the ipsec0 interface has the same MAC
>>>>> address as vlan1 (which should be right, I think)
>>>> You can always add ipsec0 to br0, ipsec1 to vlan1, to ensure all physical
>>>> devices have an ipsecX device.
>>> Tried setting interfaces to the following:
>>> interfaces="ipsec0=br0 ipsec1=vlan1"
>>>
>>> When doing ipsec restart I get two (!) Unknown host
>> 
>>> ipsec_setup: ifconfig: inet: Unknown host
>>>
>>> ipsec_setup: ifconfig: inet: Unknown host
>> 
>> Odd. I bet the "ip route list" output differs from the normal output.
> 
> 192.168.30.0/24 dev br0  proto kernel  scope link  src 192.168.30.1
> 85.8.ZZ.0/24 dev vlan1  proto kernel  scope link  src 85.8.ZZ.YY
> default via 85.8.ZZ.254 dev vlan1
> 
> normal?
> 
>> 
>>> replace gets;
>>>
>>> root at OpenWrt:~$ ipsec auto --replace mycon
>>> ipsec_auto: fatal error in "mycon": %defaultroute requested but not known
>>>
>>> Any other idea?
>> 
>> try this:
>> 
>> interfaces="%defaultroute"
> 
> This is what I get;
> root at OpenWrt:~$ /etc/rc.d/init.d/ipsec restart
> ipsec_setup: rmmod: ipsec: Success
> 
> ipsec_setup: Stopping Openswan IPsec...
> 
> ipsec_setup: Starting Openswan IPsec 2.4.6...
> 
> ipsec_setup: insmod: a module named ipsec already exists
> 
> ipsec_setup: ifconfig: inet: Unknown host
> 
> root at OpenWrt:~$ ipsec auto --replace mycon
> root at OpenWrt:~$ ipsec auto --up mycon
> 022 "mycon": We cannot identify ourselves with either end of this 
> connection.
> 

I ran into this problem as well when trying to install Openswan on Openwrt White Russian 0.9 using X-Wrt based firmware file.  I spend quite a while on it until I searched for "ifconfig: inet: Unknown host" without the ipsec reference.  I believe the problem is that the X-Wrt firmware file includes Busybox 1.4.0 and the standard White Russian has Busybox 1.0.0.  Apparently the ifconfig in Busybox 1.4.0 does not like the inet parameter.

Some additional information can be found with this Busybox bug report

http://busybox.net/bugs/view.php?id=752

Apparently, Busybox 1.0.0 will accept ifconfig commands with the inet parameter but will exit with error.  Busybox 1.4.0 will not accept them at all and errors out with "ifconfig: inet: Unknown host".

An easy way to fix this is by removing the inet parameter from line 146 of the ifconfig command in /usr/lib/ipsec/_startklips.  See the following diff.  After changing this line, everything works perfectly.  I believe reverting to Busybox 1.0.0 should also work, but apparently the syntax is not correct for 1.0.0 either, it is just more forgiving.  I am not sure who the bug should be filed with but I may start with X-Wrt.

--- _startklips.old     Sat Mar 31 00:00:10 2007
+++ _startklips Sat Apr  7 01:51:25 2007
@@ -143,7 +143,7 @@
        then
                # attach the interface and bring it up
                ipsec tncfg --attach --virtual $virt --physical $phys
-               ifconfig $virt inet $addr $type $otheraddr netmask $mask $mtu
+               ifconfig $virt $addr $type $otheraddr netmask $mask $mtu
        fi

        # if %defaultroute, note the facts






 
____________________________________________________________________________________
TV dinner still cooling? 
Check out "Tonight's Picks" on Yahoo! TV.
http://tv.yahoo.com/

More information about the Users mailing list