[Openswan Users] ipsec0 device

Vince John vince at zworg.com
Wed Mar 14 21:51:30 EDT 2007 

Thanks for your replies! And so quickly...

Can't say I was aware of that, but I'll copy-paste some output I get:

 # ipsec --version
Linux Openswan U2.2.0/K2.6.20.1 (native)

 # /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.20.1...

  # tail /var/log/syslog
Mar 15 09:12:19 ion ipsec_setup: ...Openswan IPsec stopped
Mar 15 09:12:19 ion ipsec_setup: Stopping Openswan IPsec...
Mar 15 09:12:19 ion ipsec_setup: KLIPS ipsec0 on eth0
xxx.xxx.xxx./255.255.255.0 broadcast xxx.xxx.xxx.255
Mar 15 09:12:19 ion ipsec_setup: ...Openswan IPsec started
Mar 15 09:12:19 ion ipsec_setup: Starting Openswan IPsec
U2.2.0/K2.6.20.1...

# ipsec auto --verbose --up road
002 "road" #5: initiating Main Mode
104 "road" #5: STATE_MAIN_I1: initiate
002 "road" #5: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2
106 "road" #5: STATE_MAIN_I2: sent MI2, expecting MR2
002 "road" #5: I did not send a certificate because I do not have one.
002 "road" #5: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3
108 "road" #5: STATE_MAIN_I3: sent MI3, expecting MR3
002 "road" #5: Peer ID is ID_FQDN: '@office'
002 "road" #5: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4
002 "road" #5: ISAKMP SA established
004 "road" #5: STATE_MAIN_I4: ISAKMP SA established
002 "road" #6: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using
isakmp#5}
112 "road" #6: STATE_QUICK_I1: initiate
002 "road" #6: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2
002 "road" #6: sent QI2, IPsec SA established {ESP=>0x54731897
<0xd9b9d1e9}
004 "road" #6: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x54731897 <0xd9b9d1e9}

# cat /proc/net/dev
Inter-|   Receive                                                | 
Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes 
  packets errs drop fifo colls carrier compressed
    lo:   47518     610    0    0    0     0          0         0   
47518     610    0    0    0     0       0          0
  eth0: 6892569   57958    0    0    0     0          0         0 
8375639   58873    0    0    0     0       0          0
  eth1: 1179954   11731    0    0    0     0          0         0  
545489    3553    0    0    0     0       0          0

 # ifconfig ipsec0
ipsec0: error fetching interface information: Device not found

Apologies for formatting and if I fumble with other mailing list
conventions, please let me know, this is the first time I am subscribed
to one. 

In the syslog I clearly see KLIPS ipsec0 ... . The link works. From the
VPN client I can ping hosts on the subnet 'behind' the VPN server. 
Or is ipsec0 visible in some whole other place? 

Thanks in advance, 

Vince


Paul Wouters <paul at xelerance.com> wrote: 
> 
> On Wed, 14 Mar 2007, Vince John wrote:
> 
> >
> > My connection comes up all the way, and works, even, but I never see an
> > ipsec* device appearing anywhere.
> > For firewalling and routing reasons I do need one.
> > I have tried both
> >          interfaces="ipsec0=eth0"
> > and
> >         interfaces=%defaultroute
> > but nothing. Not with ifconfig, not in /proc/net/dev.
> >
> > Any idea what I am overlooking/forgetting?
> 
> If using NETKEY, you do not get ipsecX devices. Only when using KLIPS.
> Use ipsec --version so see which you are using.
> 
> Paul
> -- 
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 

--
Free e-mail accounts at http://zworg.com

More information about the Users mailing list