[Openswan Users] KLIPS on CentOS 5.1
David McCullough
David_Mccullough at securecomputing.com
Tue Dec 2 07:06:32 EST 2008
Jivin Sergio Cioban Filho lays it down ...
> Hi David,
>
> I don't know if I'm using KLIPS+ALG support. How do I check this?
The config options for your kernel will tell us:
    egrep 'KLIPS.*=y' linux-2.6.*/.config
    egrep 'CRYPTO.*=y' linux-2.6.*/.config
> In my testing my tunnel is also up fine, but can't receive packets from the
> remote end. TX error count is increased in local ipsec0 interface when I try
> to send packets to remote end.
Yes the TX count will go up, but the packets are junked.
Are you running the same code at each end ? If so, then you may not
see traffic in one direction but not the other.
Let's check your config first. If the following are not set:
    CONFIG_KLIPS_ALG=y
    CONFIG_KLIPS_ENC_CRYPTOAPI=y
then an 'ipsec barf' would be the next thing to get.
Cheers,
Davidm
> On Mon, Dec 1, 2008 at 9:01 PM, David McCullough <
> David_Mccullough at securecomputing.com> wrote:
>
> >
> > Jivin Paul Wouters lays it down ...
> > > On Mon, 1 Dec 2008, Sergio Cioban Filho wrote:
> > >
> > > > Thanks for your answer.
> > > > I've tried to use version 2.6.19, but the same error has occurred.
> > > > SELinux has been disabled.
> > > > The output of ipsec barf is attached.
> > >
> > > I don't see anything wrong. Are you using ping -I ? since you did not
> > > add leftsourceip= and rightsourceip= ?
> >
> > I am looking at a problem in this area.
> >
> > Are you using KLIPS + ALG support ?
> >
> > In my testing the tunnel is up fine, can receive packets from the
> > remote end ok, but if you turn on debug at the remote end the packets being
> > by KLIPS+ALG are not healthy.
> >
> > Can you check packets coming the other way ?
> >
> > Cheers,
> > Davidm
> >
> > --
> > David McCullough, david_mccullough at securecomputing.com, Ph:+61
> > 734352815
> > Secure Computing - SnapGear http://www.uCdot.org
> > http://www.snapgear.com
> >
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com
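
Added example, not part of the original message: a shell check that reports each of the two options named above as y, "not set" or absent in a kernel .config, since an egrep for =y only lists what is enabled. The function names and the sample .config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the state of the two KLIPS options named in the reply.

# kconfig_state FILE OPTION
# Prints the option's value (y, m, ...), "not set", or "absent".
kconfig_state() {
    file=$1 opt=$2
    # Enabled options appear as OPTION=value; take the last definition.
    val=$(sed -n "s/^${opt}=//p" "$file" | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    elif grep -q "^# ${opt} is not set\$" "$file"; then
        # Kconfig records a known but disabled option as a comment line.
        printf 'not set\n'
    else
        # The option is not mentioned in this .config at all.
        printf 'absent\n'
    fi
}

# klips_check FILE
# Prints one line per option; returns 0 only if both are =y.
klips_check() {
    rc=0
    for opt in CONFIG_KLIPS_ALG CONFIG_KLIPS_ENC_CRYPTOAPI; do
        state=$(kconfig_state "$1" "$opt")
        printf '%-28s %s\n' "$opt" "$state"
        [ "$state" = y ] || rc=1
    done
    return $rc
}

# Constructed sample .config fragment (not taken from the thread).
sample_config() {
    cat <<'EOF'
CONFIG_KLIPS=m
CONFIG_KLIPS_ALG=y
# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
CONFIG_CRYPTO=y
EOF
}

# Usage: sh klips-check.sh linux-2.6.x/.config
if [ "$#" -gt 0 ]; then
    klips_check "$1"
fi
```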