[Openswan Users] SLES10 SP1 and openswan 2.4.11
paul at xelerance.com
Fri Feb 15 09:39:44 EST 2008
On Fri, 15 Feb 2008, Nicole Hähnel wrote:
> We first tried with klips:
> - module compiled with a little modification in ipsec_kversion.h
> #ifdef SLE_VERSION_CODE
> #define HAVE_NEW_SKB_LINEARIZE
Can you give me a more precise match for SLE_VERSION_CODE ? If so, I can
add it to ipsec_kversion.h
> But after 5 or 10 minutes server hangs, I can't see any errors!
You can try adding klipsdebug=all, but it might overload your system too.
> Now we're running netkey.
> But it's not the best.
> - I can't use "ipsec look" for checking if all tunnels are up.
ip xfrm state and/or ip xfrm policy
> - firewall rules not working like before with klips
Yes, those need to be redone, since it all comes in on the same interface now.
> - after rebooting the server no tunnels come up, I have to do this manually
Do what manually?
> The best solution is klips I think, but all servers I tried with are dead after a few minutes.
> (We need SLES10 SP1 for running Novell Open Enterprise 2)
Not having any logs whatsoever makes this impossible to debug though :(
More information about the Users