[Openswan Users] Problems in IPSEC Start

PVGRaviKumar pvgravi at dlink.co.in
Thu Aug 28 06:26:26 EDT 2008 

Hi,

I am using Fedora Core4 system (KERNEL version 2.6.11)

I am using openswan 2.4.13 for ipsec support. 
I patched my kernel with klips patch.

After that I applied NAT-T patch, as suggested in README
I recompiled and installed my kernel after the patch.
When I am compiling the kernel I got the following error
error: ‘struct sock’ has no member named ‘sk_zapped’

That code was part of "CONFIG_KLIPS_DEBUG" MACRO and that debug message
alone my modifying the MACRO name.

I used the following command to compile openswan

make KERNEL=/usr/src/kernels/linux-2.6.11/ programs
make KERNEL=/usr/src/kernels/linux-2.6.11/ install

I didn't do any make module as I compiled my kernel with klips support
(as a module)

When I try to start ipsec with "service ipsec restart", I am getting a
segmentation fault.
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid:
ipsec_setup: /usr/local/lib/ipsec/_realsetup: line 104: 11041
Segmentation fault      ipsec klipsdebug --none
ipsec_setup: /usr/local/lib/ipsec/_realsetup: line 104: 11042
Segmentation fault      ipsec eroute --clear
ipsec_setup: /usr/local/lib/ipsec/_realsetup: line 104: 11043
Segmentation fault      ipsec spi --clear
ipsec_setup: Starting Openswan IPsec 2.4.13...
ipsec_setup: /usr/local/lib/ipsec/_startklips: line 350: 11112
Segmentation fault      ipsec klipsdebug --all
ipsec_setup: /usr/local/lib/ipsec/_startklips: line 413: 11113
Segmentation fault      ipsec eroute --clear
ipsec_setup: /usr/local/lib/ipsec/_startklips: line 413: 11114
Segmentation fault      ipsec spi --clear



My kernel configurations:

CONFIG_KLIPS=m

CONFIG_KLIPS_ESP=y
CONFIG_KLIPS_AH=y
CONFIG_KLIPS_AUTH_HMAC_MD5=y
CONFIG_KLIPS_AUTH_HMAC_SHA1=y
CONFIG_KLIPS_ALG=y
CONFIG_KLIPS_ENC_CRYPTOAPI=y
CONFIG_KLIPS_ENC_1DES=y
CONFIG_KLIPS_ENC_3DES=y
CONFIG_KLIPS_ENC_AES=y
# CONFIG_KLIPS_ENC_NULL is not set
# CONFIG_KLIPS_IPCOMP is not set
CONFIG_KLIPS_DEBUG=y
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
CONFIG_INET_TUNNEL=y
CONFIG_IPSEC_NAT_TRAVERSAL=y


Any idea, what could be the problem?

Note: It was working fine with NETKEY (before applying patches to
kernel) and was able to establish the tunnels

Thanks in advance
Ravi















 

DISCLAIMER: This message is proprietary to D-Link (India) Limited and is
intended solely for the use of the individual to whom it is addressed. It
may contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended. If
you have received this message in error, please notify the originator
immediately. If you are not the intended recipient, you are notified that
you are strictly prohibited from using, copying, altering, or disclosing the
contents of this message. D-Link (India) Limited accepts no responsibility
for loss or damage arising from the use of the information transmitted by
this email including damage from virus.

More information about the Users mailing list