[Openswan Users] SLES10 SP1 and openswan 2.4.11

Paul Wouters paul at xelerance.com
Sun Feb 17 15:47:38 EST 2008


On Sun, 17 Feb 2008, Nicole Hähnel wrote:

> >> #ifdef SLE_VERSION_CODE
> >> #define HAVE_NEW_SKB_LINEARIZE
> >> #endif
> >
> > Can you give me a more precise match for SLE_VERSION_CODE ? If so, I can
> > add it to ipsec_kversion.h
>
> It's the same SLE_VERSION_CODE like in my post from 09.11.2007 11:32.
> #define SLE_VERSION_CODE 655616

Thanks. I've added a check. This will be in 2.4.12.

> If I grep for 'mode tunnel', I get 26 lines, but only 12 tunnels are
> configured.

> With 'ipsec status' are 13 tunnels up.

Perhaps these are old policies from rekeys? New tunnels become valid while
old tunnels linger a little bit to ensure there is no packet drops.

> I have to do 'ipsec auto --delete conn', 'ipsec auto --add conn' and
> 'ipsec auto --up conn' on the other sides of the gateway.

2.4.12 will have a fix for this problem. I hope to release it monday or
tuesday. You can also grab the 2.4 CVS to see the changes.

> Yes, it would be nice to have some logfiles for debugging, but all
> SLES10 SP1 servers I tried with just freeze.

Unfortunately, then it is hard for us to diagnose things.

> Are there still any problems with smp kernels?

There were two smp bugs. One was when using snmpd, and got fixed. The other
was when using two ipsecX devices and forwarding packets (so KLIPS only)

> Or any problems with fragicmp=yes and compress=yes known?

Not that I know.

Paul


More information about the Users mailing list