[Openswan Users] Routing doesn't route with Openswan U2.6.09 and Fedora 9
Greg Scott
GregScott at InfraSupportEtc.com
Wed Dec 3 05:45:28 EST 2008
> Later test also seems to suggest the 2.4.x system used KLIPS and the
> 2.6.x system used NETKEY...
No - both the old and new systems are using NETKEY. From the old system
(right now in the primary role)
[root@lme-fw1 gregs]# ipsec version
Linux Openswan U2.4.5/K2.6.18-1.2798.fc6 (netkey)
See `ipsec --copyright' for copyright information.
This is the one where the whack hangs when JanesvillePNT does an ipsec
auto --up and it hasn't yet done its ipsec auto --up.
From the new version - right now in a backup role with IPSEC not
currently running:
[gregs@lme-fw2 ~]$ /usr/sbin/ipsec version
Linux Openswan U2.6.09/K(no kernel code presently loaded)
See `ipsec --copyright' for copyright information.
You just gotta take my word for it, the new one is also running NETKEY.
I just can't bring openswan up on it right now because it's in a backup
role.
> Don't. You do not need ipsec-tools at all. It is not used by openswan.
I should have been more clear. I downloaded openswan-2.6.19.tar.gz.
> You should upgrade the 2.6. system, as there have been some
> NETKEY fixes with policies that did
> not get deleted.
OK - this sounds promising. If setting up the tunnel to JanesvillePNT
turned on some policy that did not get turned off when taking down the
tunnel, this could explain the behavior I saw. I will remove the
openswan 2.6.9 RPM and install openswan-2.6.19.tar.gz and report back
here on the results. This may take a few days; this is turning into a
killer week.
I'm starting to think it might be better to use the latest
openswan*.tar.gz downloads instead of the bundled openswan RPMs. I have
a hunch I will run into differences in the paths where various programs
and config files are located but I can deal with that. What is the
consensus of opinion on using bundled RPMs versus .tar.gz downloads?
Thanks
- Greg