[Openswan Users] Routing doesn't route with Openswan U2.6.09 and Fedora 9

Greg Scott GregScott at InfraSupportEtc.com
Wed Dec 3 05:45:28 EST 2008


> Later test also seems to suggest the 2.4.x system used KLIPS and the
> 2.6.x system used NETKEY...

No - both the old and new systems are using NETKEY.  From the old system
(right now in the primary role)

[root@lme-fw1 gregs]# ipsec version
Linux Openswan U2.4.5/K2.6.18-1.2798.fc6 (netkey)
See `ipsec --copyright' for copyright information.

This is the one where the whack hangs when JanesvillePNT does an ipsec
auto --up and it hasn't yet done its ipsec auto --up.  

From the new version - right now in a backup role with IPSEC not
currently running:

[gregs@lme-fw2 ~]$ /usr/sbin/ipsec version
Linux Openswan U2.6.09/K(no kernel code presently loaded)
See `ipsec --copyright' for copyright information.

You just gotta take my word for it, the new one is also running NETKEY.
I just can't bring openswan up on it right now because it's in a backup
role. 


> Don't. You do not need ipsec-tools at all. It is not used by openswan.

I should have been more clear.  I downloaded openswan-2.6.19.tar.gz.  


> You should upgrade the 2.6. system, as there have been some 
> NETKEY fixes with policies that did
> not get deleted.

OK - this sounds promising.  If setting up the tunnel to JanesvillePNT
turned on some policy that did not get turned off when taking down the
tunnel, this could explain the behavior I saw.  I will remove the
openswan 2.6.9 RPM and install openswan-2.6.19.tar.gz and report back
here on the results.  This may take a few days; this is turning into a
killer week.  

I'm starting to think it might be better to use the latest
openswan*.tar.gz downloads instead of the bundled openswan RPMs.  I have
a hunch I will run into differences in the paths where various programs
and config files are located but I can deal with that.  What is the
consensus of opinion on using bundled RPMs versus .tar.gz downloads?  

Thanks

- Greg


