[Openswan Users] Error ipsec_alg_null

Salvatore sasa at shoponweb.it
Thu May 10 13:37:30 EDT 2007 

Hi, I have the same problem also with kernel-2.6.16.11 but if I use openwsan 
2.4.5 instead of 2.4.7 I haven't problem.
Thanks.

------
Salvatore.

----- Original Message ----- 
From: "Salvatore" <sasa at shoponweb.it>
To: <users at openswan.org>
Sent: Monday, May 07, 2007 8:21 PM
Subject: [Openswan Users] Error ipsec_alg_null


> Hi, I use fedora core 5 on kernel-2.6.18.1-custom with klips and nat-t
> patch, when I try install openswan-2.4.7 I have an errore message:
>
> #make module26
> ...
> ln -s -f /root/openswan-2.4.7/linux/net/ipsec/null/ipsec_alg_null.c
> /root/openswan-2.4.7/modobj26/null/ipsec_alg_null.c
> ln: creazione del link simbolico
> `/root/openswan-2.4.7/modobj26/null/ipsec_alg_null.c' a
> `/root/openswan-2.4.7/linux/net/ipsec/null/ipsec_alg_null.c': No such file
> or directory
> make[2]: *** [/root/openswan-2.4.7/modobj26/null/ipsec_alg_null.c] Error 1
> make[1]: *** [_module_/root/openswan-2.4.7/modobj26] Error 2
> make[1]: Leaving directory `/root/linux-2.6.18.1'
> make: *** [module26] Error 2
>
> ..after I have run:
>
> #make minstall26
> #depmod -a
> #modprobe ipsec
> #make programs
> #make install
>
> ..but seem that ipsec work correctly:
>
> May  7 20:12:45 fw ipsec_setup: Starting Openswan IPsec 2.4.7...
> May  7 20:12:45 fw ipsec_setup: WARNING: changing route filtering on eth1
> (changing /proc/sys/net/ipv4/conf/eth1/rp_filter from 1 to 0)
> + _________________________ plog
> + sed -n '203,$p' /var/log/secure
> + egrep -i pluto
> + case "$1" in
> + cat
> May  7 20:12:45 fw ipsec__plutorun: Starting Pluto subsystem...
> May  7 20:12:45 fw pluto[1913]: Starting Pluto (Openswan Version 2.4.7
> PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEZ~BaB]r\134p_)
> May  7 20:12:45 fw pluto[1913]: Setting NAT-Traversal port-4500 floating 
> to
> on
> May  7 20:12:45 fw pluto[1913]:    port floating activation criteria
> nat_t=1/port_fload=1
> May  7 20:12:45 fw pluto[1913]:   including NAT-Traversal patch (Version
> 0.6c)
> May  7 20:12:45 fw pluto[1913]: ike_alg_register_enc(): Activating
> OAKLEY_AES_CBC: Ok (ret=0)
> May  7 20:12:45 fw pluto[1913]: starting up 1 cryptographic helpers
> May  7 20:12:45 fw pluto[1913]: started helper pid=1920 (fd:6)
> May  7 20:12:45 fw pluto[1913]: Using KLIPS IPsec interface code on 
> 2.6.18.1
> May  7 20:12:45 fw pluto[1913]: Changing to directory 
> '/etc/ipsec.d/cacerts'
> May  7 20:12:45 fw pluto[1913]: Changing to directory 
> '/etc/ipsec.d/aacerts'
> May  7 20:12:45 fw pluto[1913]: Changing to directory
> '/etc/ipsec.d/ocspcerts'
> May  7 20:12:45 fw pluto[1913]: Changing to directory '/etc/ipsec.d/crls'
> May  7 20:12:45 fw pluto[1913]:   Warning: empty directory
> May  7 20:12:45 fw pluto[1913]: added connection description "left-road"
> May  7 20:12:45 fw pluto[1913]: listening for IKE messages
> May  7 20:12:45 fw pluto[1913]: adding interface ipsec0/eth1 x.x.x.x:500
> May  7 20:12:45 fw pluto[1913]: adding interface ipsec0/eth1 x.x.x.x:4500
> May  7 20:12:45 fw pluto[1913]: loading secrets from "/etc/ipsec.secrets
>
> [root at fw ~]# ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path                                 [OK]
> Linux Openswan 2.4.7 (klips)
> Checking for IPsec support in kernel                            [OK]
> Checking for RSA private key (/etc/ipsec.secrets)               [OK]
> Checking that pluto is running                                  [OK]
> Two or more interfaces found, checking IP forwarding            [FAILED]
> Checking for 'ip' command                                       [OK]
> Checking for 'iptables' command                                 [OK]
> Opportunistic Encryption Support                                [DISABLED]
> [root at fw ~]# ps -ax|grep ipsec
> Warning: bad syntax, perhaps a bogus '-'? See
> /usr/share/doc/procps-3.2.6/FAQ
> 1911 ?        S      0:00 /bin/sh
> usr/local/lib/ipsec/_plutorun --debug  --uniqueids
> es --nocrsend  --strictcrlpolicy  --nat_traversal
> es --keep_alive  --protostack
> uto --force_keepalive  --disable_port_floating  --virtual_private
> %v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24 --crlcheckinterval
> 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait
> o --pre  --post  --log daemon.error --pid /var/run/pluto/pluto.pid
> 1912 ?        S      0:00 /bin/sh
> usr/local/lib/ipsec/_plutorun --debug  --uniqueids
> es --nocrsend  --strictcrlpolicy  --nat_traversal
> es --keep_alive  --protostack
> uto --force_keepalive  --disable_port_floating  --virtual_private
> %v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24 --crlcheckinterval
> 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait
> o --pre  --post  --log daemon.error --pid /var/run/pluto/pluto.pid
> 1913 ?        S      0:00
> /usr/local/libexec/ipsec/pluto --nofork --secretsfile
> /etc/ipsec.secrets --ipsecdir
> /etc/ipsec.d --use-auto --uniqueids --nat_traversal --virtual_private
> %v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.0.0.0/24
> 1914 ?        S      0:00 /bin/sh /usr/local/lib/ipsec/_plutoload --wait
> no --post
> 1915 ?        S      0:00 logger -s -p daemon.error -t ipsec__plutorun
> 2564 pts/2    S+     0:00 grep ipsec
>
> ..now my dobious if openswan is correctly installed or no.
> Thanks.
>
> ------
> Salvatore.
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>

More information about the Users mailing list