[Openswan Users] KLIPS on CentOS 5.1

Sergio Cioban Filho cioban at gmail.com
Tue Dec 2 08:48:15 EST 2008


I'm using the default centos kernel.

My kernel configuration is:
[cioban at dev26 openswan-2.6.18]$ egrep CRYPTO.*=y /boot/config-2.6.18-53.1.13.el5
CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_CRC32C=y
CONFIG_CRYPTO_SIGNATURE=y
CONFIG_CRYPTO_SIGNATURE_DSA=y
CONFIG_CRYPTO_MPILIB=y
CONFIG_CRYPTO_DEV_PADLOCK_AES=y

I have no KLIPS configuration in my kernel...
I'm running the same code at each end.

The 'ipsec barf' does not show anything wrong... (see attachments)

Thanks,
Regards,
---
Sérgio Cioban Filho - LPIC1
------------------------------------------------------------
| Linux - Servers - Firewall - VPN
| Virtualization - VoIP - ShellScript - C - PHP
| http://cioban.googlepages.com
| +55 48 9989-8733
------------------------------------------------------------
..:: Be free, use LiNuX!! ::..


On Tue, Dec 2, 2008 at 10:06 AM, David McCullough <David_Mccullough at securecomputing.com> wrote:

>
> Jivin Sergio Cioban Filho lays it down ...
> > Hi David,
> >
> > I don't know if I'm using KLIPS+ALG support. How do I check this?
>
> The config options for your kernel will tell us:
>
>        egrep KLIPS.*=y linux-2.6.*/.config
>        egrep CRYPTO.*=y linux-2.6.*/.config
>
> > In my testing my tunnel is also up fine, but can't receive packets from the
> > remote end. TX error count is increased in local ipsec0 interface when I try
> > to send packets to remote end.
>
> Yes the TX count will go up,  but the packets are junked.
> Are you running the same code at each end ?  If so,  then you may not
> see traffic in one direction but not the other.
>
> Let's check your config first.  If the following are not set:
>
>        CONFIG_KLIPS_ALG=y
>        CONFIG_KLIPS_ENC_CRYPTOAPI=y
>
> then an 'ipsec barf' would be the next thing to get.
>
> Cheers,
> Davidm
>
> > On Mon, Dec 1, 2008 at 9:01 PM, David McCullough <
> > David_Mccullough at securecomputing.com> wrote:
> >
> > >
> > > Jivin Paul Wouters lays it down ...
> > > > On Mon, 1 Dec 2008, Sergio Cioban Filho wrote:
> > > >
> > > > > Thanks for your answer.
> > > > > I've tried to use version 2.6.19, but the same error has occurred.
> > > > > SELinux has been disabled.
> > > > > The output of ipsec barf is attached.
> > > >
> > > > I don't see anything wrong. Are you using ping -I ? since you did not
> > > > add leftsourceip= and rightsourceip= ?
> > >
> > > I am looking at a problem in this area.
> > >
> > > Are you using KLIPS + ALG support ?
> > >
> > > In my testing the tunnel is up fine, can receive packets from the
> > > remote end ok, but if you turn on debug at the remote end the packets being
> > > by KLIPS+ALG are not healthy.
> > >
> > > Can you check packets coming the other way ?
> > >
> > > Cheers,
> > > Davidm
> > >
> > > --
> > > David McCullough,  david_mccullough at securecomputing.com,   Ph:+61 734352815
> > > Secure Computing - SnapGear  http://www.uCdot.org
> > > http://www.snapgear.com
> > >
>
> --
> David McCullough,  david_mccullough at securecomputing.com,   Ph:+61 734352815
> Secure Computing - SnapGear  http://www.uCdot.org
> http://www.snapgear.com
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: left_barf.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20081202/27ae64b9/attachment-0002.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: right_barf.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20081202/27ae64b9/attachment-0003.txt 
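
The config check discussed in this thread, as an added example that is not part of the original messages: `egrep ...=y` does not match options built as modules (`=m`) and cannot tell "is not set" from a symbol the kernel tree does not have at all. The function names and both sample config fragments are constructed for illustration; only the two `CONFIG_KLIPS_*` option names come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify kernel config options.

# kconfig_state FILE OPTION
# Prints y (built in), m (module), n ("is not set") or absent (no such symbol).
kconfig_state() {
    _file=$1; _opt=$2
    _val=$(sed -n "s/^${_opt}=\([ym]\)\$/\1/p" "$_file" | head -n 1)
    if [ -n "$_val" ]; then
        echo "$_val"
    elif grep -q "^# ${_opt} is not set\$" "$_file"; then
        echo n
    else
        echo absent
    fi
}

# klips_alg_ready FILE
# Succeeds only when both options named in the thread are =y.
klips_alg_ready() {
    for _o in CONFIG_KLIPS_ALG CONFIG_KLIPS_ENC_CRYPTOAPI; do
        [ "$(kconfig_state "$1" "$_o")" = y ] || return 1
    done
}

# write_samples DIR: constructed config fragments, not the poster's real file.
write_samples() {
    cat > "$1/stock.config" <<'EOF'
CONFIG_CRYPTO=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_AES=m
EOF
    cat > "$1/klips.config" <<'EOF'
CONFIG_KLIPS=y
CONFIG_KLIPS_ALG=y
# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
EOF
}

SAMPLES=$(mktemp -d)
write_samples "$SAMPLES"
for o in CONFIG_CRYPTO_AES CONFIG_KLIPS_ALG CONFIG_KLIPS_ENC_CRYPTOAPI; do
    printf '%-28s stock=%s klips=%s\n' "$o" \
        "$(kconfig_state "$SAMPLES/stock.config" "$o")" \
        "$(kconfig_state "$SAMPLES/klips.config" "$o")"
done
```

On a real system, pass the kernel config path (for example the `/boot/config-...` file shown above) instead of the sample files.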

