[Openswan Users] SLES10 SP1 and openswan 2.4.11

[Nicole Hähnel]

Paul Wouters schrieb:
> On Sun, 17 Feb 2008, Nicole Hähnel wrote:
>
>   
>>>> #ifdef SLE_VERSION_CODE
>>>> #define HAVE_NEW_SKB_LINEARIZE
>>>> #endif
>>>>         
>>> Can you give me a more precise match for SLE_VERSION_CODE ? If so, I can
>>> add it to ipsec_kversion.h
>>>       
>> It's the same SLE_VERSION_CODE like in my post from 09.11.2007 11:32.
>> #define SLE_VERSION_CODE 655616
>>     
>
> Thanks. I've added a check. This will be in 2.4.12.
>
>   
>> If I grep for 'mode tunnel', I get 26 lines, but only 12 tunnels are
>> configured.
>>     
>
>   
>> With 'ipsec status' are 13 tunnels up.
>>     
>
> Perhaps these are old policies from rekeys? New tunnels become valid while
> old tunnels linger a little bit to ensure there is no packet drops.
>
>   
>> I have to do 'ipsec auto --delete conn', 'ipsec auto --add conn' and
>> 'ipsec auto --up conn' on the other sides of the gateway.
>>     
>
> 2.4.12 will have a fix for this problem. I hope to release it monday or
> tuesday. You can also grab the 2.4 CVS to see the changes.
>
>   
>> Yes, it would be nice to have some logfiles for debugging, but all
>> SLES10 SP1 servers I tried with just freeze.
>>     
>
> Unfortunately, then it is hard for us to diagnose things.
>
>   
>> Are there still any problems with smp kernels?
>>     
>
> There were two smp bugs. One was when using snmpd, and got fixed. The other
> was when using two ipsecX devices and forwarding packets (so KLIPS only)
>
>   
>> Or any problems with fragicmp=yes and compress=yes known?
>>     
>
> Not that I know.
>
> Paul

Hi,

after testing with a lot of settings...
The SLES server freezes when activating compress=yes (only with klips).
I think, that's the same problem on our rhel5 server and the newest 
openswan version.
It would be nice, if this can be fixed.

Thanks!

Nicole