[Openswan Users] KLIPS on CentOS 5.1

Sergio Cioban Filho cioban at gmail.com
Wed Dec 3 12:07:02 EST 2008


> Your barfs show KLIPS is being used, so you are using it.
> I assume you did "make module module_install" with openswan,
> so then you would not have cryptoapi support with klips.


yes, I did an  'make module' and  an 'make minstall' in openswan, in reality
I'm using an openswan.spec to create an rpm package.
I'm using the ipsec kernel module.


> It shows one strange thing. You have both ipsecX and mastX interfaces.
> You're supposed to only have one or the other.
>
> Could you try these two things:
>
> - Try actually using just mastX, by using protostack=mast instead of
>  protostack=klips
>
> If that fails, try recompiling the openswan userland with USE_MAST=no



With protostack=mast the tunnel was established, but no eroute appeared ,
and ping fail.

I've tried to compile with USE_MAST=no or USE_MAST=false enviorment
vaeriable, but 'ipsec barf' yet shows mast and mast interface is present in
"/proc/net/dev".



Thanks,
Regards,
---
Sérgio Cioban Filho - LPIC1
------------------------------------------------------------
| Linux - Servidores - Firewall - VPN
| Virtualização - VoIP - ShellScript - C - PHP
| http://cioban.googlepages.com
| +55 48 9989-8733
------------------------------------------------------------
..:: Seja livre, use LiNuX!! ::..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20081203/d2f4ea74/attachment.html 


More information about the Users mailing list