[Openswan Users] Problems in IPSEC Start
PVGRaviKumar
pvgravi at dlink.co.in
Thu Aug 28 03:21:36 EDT 2008
Hi Friends,
My issue got resolved.
I defined HAVE_SOCK_ZAPPED and NET_26_12_SKALLOC in pfkey_v2.c
These 2 enabled in 2.6.12 onwards, but as per my kernel
suggestions(2.6.11-1.1369) i added these 2 macros and now things are
fine
Regards
Ravi
On Thu, 2008-08-28 at 15:56 +0530, PVGRaviKumar wrote:
> Hi,
>
> I am using Fedora Core4 system (KERNEL version 2.6.11)
>
> I am using openswan 2.4.13 for ipsec support.
> I patched my kernel with klips patch.
>
> After that I applied NAT-T patch, as suggested in README
> I recompiled and installed my kernel after the patch.
> When I am compiling the kernel I got the following error
> error: ‘struct sock’ has no member named ‘sk_zapped’
>
> That code was part of "CONFIG_KLIPS_DEBUG" MACRO and that debug message
> alone my modifying the MACRO name.
>
> I used the following command to compile openswan
>
> make KERNEL=/usr/src/kernels/linux-2.6.11/ programs
> make KERNEL=/usr/src/kernels/linux-2.6.11/ install
>
> I didn't do any make module as I compiled my kernel with klips support
> (as a module)
>
> When I try to start ipsec with "service ipsec restart", I am getting a
> segmentation fault.
> ipsec_setup: Stopping Openswan IPsec...
> ipsec_setup: Removing orphaned /var/run/pluto/pluto.pid:
> ipsec_setup: /usr/local/lib/ipsec/_realsetup: line 104: 11041
> Segmentation fault ipsec klipsdebug --none
> ipsec_setup: /usr/local/lib/ipsec/_realsetup: line 104: 11042
> Segmentation fault ipsec eroute --clear
> ipsec_setup: /usr/local/lib/ipsec/_realsetup: line 104: 11043
> Segmentation fault ipsec spi --clear
> ipsec_setup: Starting Openswan IPsec 2.4.13...
> ipsec_setup: /usr/local/lib/ipsec/_startklips: line 350: 11112
> Segmentation fault ipsec klipsdebug --all
> ipsec_setup: /usr/local/lib/ipsec/_startklips: line 413: 11113
> Segmentation fault ipsec eroute --clear
> ipsec_setup: /usr/local/lib/ipsec/_startklips: line 413: 11114
> Segmentation fault ipsec spi --clear
>
>
>
> My kernel configurations:
>
> CONFIG_KLIPS=m
>
> CONFIG_KLIPS_ESP=y
> CONFIG_KLIPS_AH=y
> CONFIG_KLIPS_AUTH_HMAC_MD5=y
> CONFIG_KLIPS_AUTH_HMAC_SHA1=y
> CONFIG_KLIPS_ALG=y
> CONFIG_KLIPS_ENC_CRYPTOAPI=y
> CONFIG_KLIPS_ENC_1DES=y
> CONFIG_KLIPS_ENC_3DES=y
> CONFIG_KLIPS_ENC_AES=y
> # CONFIG_KLIPS_ENC_NULL is not set
> # CONFIG_KLIPS_IPCOMP is not set
> CONFIG_KLIPS_DEBUG=y
> # CONFIG_INET_AH is not set
> # CONFIG_INET_ESP is not set
> # CONFIG_INET_IPCOMP is not set
> CONFIG_INET_TUNNEL=y
> CONFIG_IPSEC_NAT_TRAVERSAL=y
>
>
> Any idea, what could be the problem?
>
> Note: It was working fine with NETKEY (before applying patches to
> kernel) and was able to establish the tunnels
>
> Thanks in advance
> Ravi
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> DISCLAIMER: This message is proprietary to D-Link (India) Limited and is
> intended solely for the use of the individual to whom it is addressed. It
> may contain privileged or confidential information and should not be
> circulated or used for any purpose other than for what it is intended. If
> you have received this message in error, please notify the originator
> immediately. If you are not the intended recipient, you are notified that
> you are strictly prohibited from using, copying, altering, or disclosing the
> contents of this message. D-Link (India) Limited accepts no responsibility
> for loss or damage arising from the use of the information transmitted by
> this email including damage from virus.
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
DISCLAIMER: This message is proprietary to D-Link (India) Limited and is
intended solely for the use of the individual to whom it is addressed. It
may contain privileged or confidential information and should not be
circulated or used for any purpose other than for what it is intended. If
you have received this message in error, please notify the originator
immediately. If you are not the intended recipient, you are notified that
you are strictly prohibited from using, copying, altering, or disclosing the
contents of this message. D-Link (India) Limited accepts no responsibility
for loss or damage arising from the use of the information transmitted by
this email including damage from virus.
More information about the Users
mailing list