[Openswan Users] SLES10 SP1 and openswan 2.4.11

Paul Wouters paul at xelerance.com
Fri Feb 15 09:39:44 EST 2008

On Fri, 15 Feb 2008, Nicole Hähnel wrote:

> We first tried with klips:
> - module compiled with a little modification in ipsec_kversion.h
> #endif

Can you give me a more precise match for SLE_VERSION_CODE ? If so, I can
add it to ipsec_kversion.h

> But after 5 or 10 minutes server hangs, I can't see any errors!

You can try adding klipsdebug=all, but it might overload your system too.

> Now we're running netkey.
> But it's not the best.
> - I can't use "ipsec look" for checking if all tunnels are up.

ip xfrm state and/or ip xfrm policy

> - firewall rules not working like before with klips

Yes, those need to be redone, since it all comes in on the same interface now.

> - after rebooting the server no tunnels come up, I have to do this manually

Do what manually?

> The best solution is klips I think, but all servers I tried with are dead after a few minutes.
> (We need SLES10 SP1 for running Novell Open Enterprise 2)

Not having any logs whatsoever makes this impossible to debug though :(


More information about the Users mailing list