[Openswan Users] Error ipsec_alg_null

Salvatore sasa at shoponweb.it
Mon May 7 14:21:58 EDT 2007 

Hi, I use fedora core 5 on kernel-2.6.18.1-custom with klips and nat-t 
patch, when I try install openswan-2.4.7 I have an errore message:

#make module26
...
ln -s -f /root/openswan-2.4.7/linux/net/ipsec/null/ipsec_alg_null.c 
/root/openswan-2.4.7/modobj26/null/ipsec_alg_null.c
ln: creazione del link simbolico 
`/root/openswan-2.4.7/modobj26/null/ipsec_alg_null.c' a 
`/root/openswan-2.4.7/linux/net/ipsec/null/ipsec_alg_null.c': No such file 
or directory
make[2]: *** [/root/openswan-2.4.7/modobj26/null/ipsec_alg_null.c] Error 1
make[1]: *** [_module_/root/openswan-2.4.7/modobj26] Error 2
make[1]: Leaving directory `/root/linux-2.6.18.1'
make: *** [module26] Error 2

..after I have run:

#make minstall26
#depmod -a
#modprobe ipsec
#make programs
#make install

..but seem that ipsec work correctly:

May  7 20:12:45 fw ipsec_setup: Starting Openswan IPsec 2.4.7...
May  7 20:12:45 fw ipsec_setup: WARNING: changing route filtering on eth1 
(changing /proc/sys/net/ipv4/conf/eth1/rp_filter from 1 to 0)
+ _________________________ plog
+ sed -n '203,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
May  7 20:12:45 fw ipsec__plutorun: Starting Pluto subsystem...
May  7 20:12:45 fw pluto[1913]: Starting Pluto (Openswan Version 2.4.7 
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
May  7 20:12:45 fw pluto[1913]: Setting NAT-Traversal port-4500 floating to 
on
May  7 20:12:45 fw pluto[1913]:    port floating activation criteria 
nat_t=1/port_fload=1
May  7 20:12:45 fw pluto[1913]:   including NAT-Traversal patch (Version 
0.6c)
May  7 20:12:45 fw pluto[1913]: ike_alg_register_enc(): Activating 
OAKLEY_AES_CBC: Ok (ret=0)
May  7 20:12:45 fw pluto[1913]: starting up 1 cryptographic helpers
May  7 20:12:45 fw pluto[1913]: started helper pid=1920 (fd:6)
May  7 20:12:45 fw pluto[1913]: Using KLIPS IPsec interface code on 2.6.18.1
May  7 20:12:45 fw pluto[1913]: Changing to directory '/etc/ipsec.d/cacerts'
May  7 20:12:45 fw pluto[1913]: Changing to directory '/etc/ipsec.d/aacerts'
May  7 20:12:45 fw pluto[1913]: Changing to directory 
'/etc/ipsec.d/ocspcerts'
May  7 20:12:45 fw pluto[1913]: Changing to directory '/etc/ipsec.d/crls'
May  7 20:12:45 fw pluto[1913]:   Warning: empty directory
May  7 20:12:45 fw pluto[1913]: added connection description "left-road"
May  7 20:12:45 fw pluto[1913]: listening for IKE messages
May  7 20:12:45 fw pluto[1913]: adding interface ipsec0/eth1 x.x.x.x:500
May  7 20:12:45 fw pluto[1913]: adding interface ipsec0/eth1 x.x.x.x:4500
May  7 20:12:45 fw pluto[1913]: loading secrets from "/etc/ipsec.secrets

[root at fw ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan 2.4.7 (klips)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
[root at fw ~]# ps -ax|grep ipsec
Warning: bad syntax, perhaps a bogus '-'? See 
/usr/share/doc/procps-3.2.6/FAQ
 1911 ?        S      0:00 /bin/sh 
usr/local/lib/ipsec/_plutorun --debug  --uniqueids 
es --nocrsend  --strictcrlpolicy  --nat_traversal 
es --keep_alive  --protostack 
uto --force_keepalive  --disable_port_floating  --virtual_private 
%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24 --crlcheckinterval 
0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait 
o --pre  --post  --log daemon.error --pid /var/run/pluto/pluto.pid
 1912 ?        S      0:00 /bin/sh 
usr/local/lib/ipsec/_plutorun --debug  --uniqueids 
es --nocrsend  --strictcrlpolicy  --nat_traversal 
es --keep_alive  --protostack 
uto --force_keepalive  --disable_port_floating  --virtual_private 
%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24 --crlcheckinterval 
0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait 
o --pre  --post  --log daemon.error --pid /var/run/pluto/pluto.pid
 1913 ?        S      0:00 
/usr/local/libexec/ipsec/pluto --nofork --secretsfile 
/etc/ipsec.secrets --ipsecdir 
/etc/ipsec.d --use-auto --uniqueids --nat_traversal --virtual_private 
%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24
 1914 ?        S      0:00 /bin/sh /usr/local/lib/ipsec/_plutoload --wait 
no --post
 1915 ?        S      0:00 logger -s -p daemon.error -t ipsec__plutorun
 2564 pts/2    S+     0:00 grep ipsec

..now my dobious if openswan is correctly installed or no.
Thanks.

------
Salvatore.

More information about the Users mailing list